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NETWORK  ACCESS  CONTROL 


IT  execs  such  as  Scott  Erickson  of 
Erickson  Retirement  Communities 
are  finding  out  that  deploying  NAC 
today  is  not  easy.  In  this  report, 
Senior  Editor  Tim  Greene  analyzes 
the  various  approaches  that  you 
can  take  to  achieve  effective 
network  access  control. 

ONLINE 

WWW.NWDOCFINDER.COM/71 25 
FACE-OFF:  Should  your  NAC  device 
be  in-line  rather  than  out-of-band? 
Jeff  Prince  of  ConSentry  Networks 
(yes)  and  Grant  Hartline  of  Mirage 
Networks  (no)  mix  it  up. 


Go  online  to  hear  Prince  and 
Hartline  debate  their  positions 


Also,  go  online  for  a  compilation 
of  our  NAC  coverage. 


And  check  our  NAC  Buyer's  Guide 

WWW.NWDOCFINDER.COM/1 072 


Earlier  daylight-saving  start 
costing  IT  departments  time 


BY  JENNIFER  MEARS 

At  first  blush  it  may  seem  like  no  big  deal:  Clocks 
will  move  ahead  by  an  hour  three  weeks  earlier  than 
usual  this  year.  But  for  today’s  networked  businesses, 
the  simple  change  could  mean  complex  problems  if 
IT  shops  aren’t  prepared,  industry  experts  say 

The  trouble  goes  beyond  missed  meetings  and 
messed-up  schedules  to  errors  within  time-reliant 
applications  that  are  critical  to  a  company’s  busi¬ 
ness  —  processes  such  as  operating  room  schedul¬ 
ing,  billing  and  contract  deadlines,  and  ensuring 
record  compliance  could  be  at  risk.  Any  applica¬ 
tions  dependent  on  timestamps  will  run  into  trouble 
after  March  1 1 ,  the  new  day  for  the  change  in  day¬ 
light-saving  time,  if  actions  aren’t  taken. 

For  more  than  two  decades,  daylight-saving  time 
has  begun  on  the  first  Sunday  of  April  and  reverted 
to  standard  time  on  the  last  Sunday  in  October.  But 


beginning  this  year,  because  of  the  Energy  Policy 
Act  of  2005,  the  daylight-saving  schedule  will  be 
extended  by  a  month,  beginning  on  the  second 
Sunday  in  March  and  ending  on  the  first  Sunday  in 
November.  Legislators  backing  the  change  say  it  will 
save  some  100,000  barrels  of  oil  a  day. 

The  change  also  could  throw  a  wrench  in  IT  sys¬ 
tems  set  up  to  handle  the  old  daylight-saving  sched¬ 
ule.  As  a  result,  IT  professionals  need  to  take  a  close 
look  at  their  systems  and  applications  to  determine 
which  could  be  thrown  off  when  the  change  occurs 
and  then  take  the  necessary  steps  to  correct  them 
(see  graphic,  page  14). 

“My  fear  is  that  a  lot  of  people  aren’t  going  to  real¬ 
ize  this  is  a  big  issue  until  months  down  the  road 
when  they  say  ‘Oops,  why  aren’t  these  dates  lining 
up,’”  says  Scott  Metzger,  CTO  at  consumer  credit 

See  Daylight  saving,  page  14 


Credit  card 
industry  still 
needs  to  plug 
security  gaps 

BY  ELLEN  MESSMER 

Major  credit  card  companies 
have  made  it  mandatory  for  mer¬ 
chants  and  payment  processors 
to  comply  with  stringent  network 
security  rules  that  went  into  effect 
in  mid-2005.  But  getting  buy-in 
from  the  millions  of  companies 
that  handle  credit  card  informa¬ 
tion  remains  elusive. 

American  Express,  Visa  Inter¬ 
national,  MasterCard  Worldwide 
and  Discover  Financial  Services 
are  among  the  backers  of  the 
rules  known  as  the  Payment  Card 
Industry  Data  Security  Standard 
(PCI  DSS). 

See  Security,  page  11 


These  VoIP  players 
know  the  score 


BY  TIM  GREENE 
AND  PHIL  HOCHMUTH 

It’s  a  given  that  with  time  VoIP 
will  replace  traditional  voice  tech¬ 
nology  in  corporate  networks. 
Sales  of  IP  phone  systems  have 
surpassed  those  of 
traditional  PBXs,  and 
business  VoIP  will  ex¬ 
ceed  traditional 
voice  by  2010,  accor¬ 
ding  to  IDC. 

In  the  meantime, 
companies  will  need  technology 
to  make  the  transition  smoothly 
and  expand  VoIP  to  wireless 
phones,  handhelds,  laptops  and 
other  devices.  And  they  wiil  ex¬ 
pect  to  benefit  from  the  new 
capabilities  voice  has  when  it  is 


sent  via  IP;  for  example,  it  can  be 
embedded  in  applications. 

Here  is  a  list  of  10  companies 
that  warrant,  attention  as  the  busi¬ 
ness  environment  shifts  its  voice 
technology: 


lOValP 

COMPANIES 

TO  WATCH 

then  merging  it  with  Brooktrout 
Technolog}'  to  form  Cantata 
Headquarters:  Needham,  Mass. 
Funding:  Undisclosed  invesf 
ments  from  GreenView  As.'f> 
dates,  Oak  Investment  Partners 
See  VoiP,  page  10 


■  Cantata 

Founded:  2006 
CEO:  Marc  Zionts. 
who  helped  spin 
off  Excel  Switch¬ 
ing  from  Lucent, 
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Do  you  know  if  you  have  enough  network  protection? 
You'll  find  out  one  way  or  another. 

Today,  with  so  many  people  working  wirelessly,  the  security  threats  you  face  go  way  beyond  what  antivirus  can  handle.  That's  why  CDW  has  all  the 
technology  you  need  for  full  mobile  security  protection.  From  VPNs  to  data  encryption  to  wireless  security  management  and  beyond,  we're  there  with  a  wide 
variety  of  the  top  names  in  the  industry.  And  we  have  the  expertise  to  answer  questions,  offer  advice  and  build  solutions  that  will  hold  up  to  the  worst  threats 
out  there.  So  call  today  and  get  the  total  protection  you  need. 


Cisco®  ASA  5510  Security  Plus  AppBgnce 

•  Designed  as  a  key  component  of  Cisco's  S%-Defending  Network,  this 
appliance  proactively  protects  your  networlcto  stop  attacks  before  they  spread 

•  Provides  your  business  with  a  market-proven  firewall,  Intrusion  Prevention 
System,  Anti-X  services  and  VPN  capabilities  for  secure,  remote  communications 

•  Delivers  advanced  security  and  networking  sen/ices  for  small  to  medium 
networks  and  remote  offices  in  an  easy-to-deploy,  cost-effective  appliance 


$2729! 

CDW  792590 


Cisco  2811  Integrated  Services  Router 

•  Provides  secure  and  scalable  network  connectivity  for  a  mobile 
workforce,  including  software-based  VPN,  firewall  and 
Intrusion  Prevention  System,  as  well  as  optional  enhanced  VPN 
acceleration  and  Intrusion  Detection  System 

$2239.99  CDW  707661 


Licensing  requires  a  minimum  purchase  of  five  lice 
minimum,  purchase  of  five  kensqjsjndudes  one- 
available  at  CDW.com.  ©2007  COwJgbmoration 


includes  one-year  Gold  Support  (24  x  7  technical  support,  upgrade  protection  and  virus  definition  updates),  call  your  CDlfl/  account  manager  for  details  Licensing  requires  a 
tenance  (9x5  telephone  and  online  technical  support  virus  pattern  updates  and  product  version  upgrades).  Offer  subject  to  CDWs  standard  terms  and  conditions  of  sale. 
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Cisco  Aironet  11 31  AG  Access  Point 

•  Delivers  high-security  and  high-capacity  in  an  unobtrusive, 
office-class  design 

•  Dual  IEEE  802.11a  and  802. 11g  radios  provide  a  combined 
capacity  of  up  to  108Mbps  to  meet  the  needs  of  growing 
wireless  networks 


$451® 

CDW  720068 
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McAfee 


McAfee  Total  Protection  for  Enterprise 

•  Reduces  the  complexity  of  managing 
organizational  security 

•  Includes  host  intrusion  prevention,  antispyware, 
antispam,  antiphishing,  antivirus  and  firewall 

101-250  user  license  $62.99  CDW  964429 


si 


SonicWALL  TZ  190 


•  High-performance  deep  packet  inspection  firewall 

•  Provides  secure  3G  Wireless  Broadband  access  in  an  instant 

•  Provides  powerful  protection  against  viruses,  spyware, 
worms  and  intrusion 

•  Supports  a  wide  variety  of  GSM  and  CDMA-based 
2G/3G  technologies 


.  $819 

CDW  1070160 


Now  ONE  PRICE 
buys  a  license  to  all 
SurfControl  products 


■ 

SurfControl  Enterprise  Protection  Suite 

•  Comprehensive  Internet  Security  for  Continuous 
Productivity  and  Risk  Control 

•  Multi-layered  threat  protection  to  multiple  points  of 
vulnerability,  including  Web,  e-mail,  IM,  peer-to-peer, 
and  mobile  workstations 


I  SurfControl 


Trend  Micro "  OfficeScan  "  Client/Server  Edition 


eiivers  an  integrated  defense  against  viruses  and  oiner  malicious  coue 
sers  can  quickly  install  the  suite  and  be  up  and  running  in  minutes 

1-100  user  license  with  one-year  Maintenance2  $34.99  CDW  639938 


BELKIN 


Belkin  Wireless  G  USB  Network  Adapter 

•  Adds  802. 11g  capabilities  to  your  computer  for 
faster  wireless  networking 

•  Easily  connects  USB-equipped  desktop  or 
notebook  to  your  wireless  network  for  Internet 
and  file  sharing 

$39.98  CDW  674432 


If  TREND  MICRO 

OtiTRENDJ 

MICRO 

■  0We«5c*n 

■  Client /Server  Eoit. or  7  i 

1  »  j 

We're  There  With  The  Security  Solutions  You  Need. 


Innovation,  Intertwined. 

When  networks  converge,  it  all  comes  together  without  a  second  thought. 
Voice  and  data,  delivered  together,  providing  communication  without 
restriction.  With  supreme  flexibility.  So  go  ahead,  accomplish  anything  you 
desire.  Because  now  you  can  do  anything,  connect  with  anyone.  Anytime, 
anywhere.  With  NEC  UNIVERGE®  Solutions. 


iT  SERVICES  AND  SOFTWARE 


MOBILE/BROADBAND  NETWORKING 


COMPUTERS  SEMICONDUCTORS 


IMAGING  AND  DISPLAYS 


www.necunified.com 


Empowered  by  Innovation 


©  2006  NEC  Corp.  NEC  and  the  NEC  logo 
are  registered  trademarks  of  NEC  Corporation, 
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Proceed  with  caution 

IT  execs  such  as  Scott 
Erickson  of  Erickson 
Retirement  Communities 
are  finding  out  that 
deploying  NAC  today  is  not 
easy.  In  this  report,  Senior 
Editor  Tim  Greene  analyzes 
the  various  approaches 
that  you  can  take  to  achieve 
effective  network  access 
control. 


3Com  touts  open  source 

Linux-based  modules  to  support  third-party  applications  in  routers 


BY  PHIL  HOCHMUTH 

3Com  this  week  plans  to  make  a 
fresh  run  at  Cisco  and  Juniper  with  an 
enterprise  network  strategy  focused 
on  embedding  security  management 
and  VoIP  services  from  itself  and  oth¬ 
ers  into  its  routers  and  switches. 

The  company  will  kick  off  its  Open 
Services  Networking  (OSN)  effort  by 
introducing  a  module  for  3Com 
routers  capable  of  running  applica¬ 
tions  from  an  array  of  new  partners, 
such  asVMware,as  well  as  from  open 
source  code.  3Com  says  its  strategy 
rivals  Cisco’s  approach  for  running 
advanced  services  at  the  network 
layer  but  allows  IT  executives  more 
flexibility  in  choosing  such  services. 

Observers  say  3Com  is  taking  a 
novel  approach,  but  that  its  chal¬ 
lenge  will  be  to  execute  and  sustain 
the  effort  better  than  its  past  come¬ 
back  attempts. 

The  news  marks  the  company’s 
first  significant  product  launch 
since  3Com  veteran  Edgar  Masri 
rejoined  the  company  as  its  CEO  in 
August.  The  move  comes  two 
months  after  3Com  bought  out  its 
joint  venture  with  Huawei  Tech¬ 
nologies,  the  China-based  network 
vendor  that  co-developed  and  built 
3Com’s  midsize-  and  large-enter- 
prise  infrastructure  products. 

3Com’s  OSN  module  is  a  Linux- 
based  server  blade  that  fits  into  the 
company’s  6000  series  routers.  It  is 
designed  to  run  applications  that  ben¬ 
efit  from  being  close  to  the  network 
layer,  the  company  says.The  blade  will 
operate  inside  the  6000  unit  on  top  of 
the  core  IP  routing  and  security  layer, 
which  runs  on  a  proprietary  operating 
system  and  hardware,  as  before.  Ad¬ 
ministrators  would  control  the  OSN 
blade  through  a  Web-based  interface, 
independent  of  the  control  interface 
for  the  6000  device. 

3Com  is  partnering  with  four  soft¬ 
ware  vendors,  whose  code  will  be 
able  to  run  on  top  of  the  blades: 


•  Vericept,  which  makes  data  analy¬ 
sis  and  security  software,  as  well  as 
regulatory  compliance  tools  for  the 
Sarbanes-Oxley  Act  and  the  Health 
Insurance  Portability  and  Accounta¬ 
bility  Act. 

•  Q1  Labs,  which  sells  security-event 
correlation  software  that  uses  stan- 
dards-based  NetFlow  data  to  identify 
threats  and  other  potential  problem 
patterns  in  network  traffic. 

•  Converged  Access,  a  maker  of  traf¬ 
fic-management  software  for  control¬ 
ling  and  optimizing  application  flows 
over  WAN  links. 

•  VMware,  EMC’s  server  virtualiza¬ 
tion  subsidiary  whose  technology  will 
let  non-Linux  applications  run  as  a 
service  in  a  virtual-machine  environ¬ 
ment  on  an  OSN  blade. 

In  addition  to  these  applications, 
3Com  says  it  is  working  on  moving  its 
own  VCX  IP  PBX  platform, as  well  as  its 
TippingFbint  intrusion-detection  and 
intrusion-prevention  products  (IDS/ 
IPS),  to  the  ONS  module. 

3Com  is  releasing  the  module  to  lim¬ 
ited  service  provider  and  channel 
partner  customers  this  month,  with 
availability  —  and  pricing  —  for  enter¬ 
prises  expected  in  the  fourth  quarter. 
Also  later  this  year,  3Com  says  it  will 
have  an  ONS  module  equivalent  for 
its  Switch  7000  and  8000  series  Ether¬ 
net  switches, similar  to  services  blades 
for  Cisco’s  Catalyst  6500  —  which 
include  content  delivery  security  wire¬ 
less,  management  and  other  services. 

“It’s  an  interesting  approach  for 
3Com,”  says  Zeus  Kerravala,  an  ana¬ 
lyst  with  the  Yankee  Group. “Anything 
that  can  run  as  an  embedded  service 
on  a  network  can  run  on  [the  OSN 
blade] ;  Their  ability  to  virtualize  ser¬ 
vices,  especially  with  VMware,  allows 
[a  customer]  to  run  almost  anything 
on  the  router? 

Kerravala  says  3Com’s  partnership 
plan  is  a  more  open  approach  to 
adding  network  services  to  hardware 
than  Cisco’s  ISR  technology  scheme. 


On  ISR  products,  which  also  use 
Linux-based  Network  Services  Mod¬ 
ules  for  services,  only  Cisco-based 
network  service  and  application 
packages,  such  as  CallManager  IP 
PBX  or  IDS/IPS,  can  be  added. These 
services  are  tightly  coupled  to  the 
hardware  in  the  router. 

3Com  also  supports  several  open 
source  software  packages  to  run  on 
the  OSN  modules.Supported  software 
includes  Multi-Router  Traffic  Grapher; 
Nagios,  a  service-level  agreement  re¬ 
porting  tool;  NTOP  a  traffic-analysis 
tool;  and  Wireshark,  which  can  cap¬ 
ture  and  analyze  packet  streams. 
3Com  says  it  plans  to  add  more  open 
source  packages  this  year,  such  as 
Snort  intrusion  detection,  and  other 
technologies  around  application  opti¬ 
mization,  caching  and  content  deliv¬ 
ery  and  authentication. 

These  will  be  available  as  add-on 
packages.  Customers,  3Com  partners 
and  resellers  will  be  able  to  download, 
configure  and  install  them  on  the 
routers  via  a  secure  Web  portal.  3Com 
plans  to  launch  the  program,  called 
3Com  Open  Network,  this  week. 

While  3Com’s  OSN  strategy  may  be 
more  open  than  its  competitors’, 
Cisco’s  tighter  control  also  assures 
high  reliability  and  protection  from 
misconfiguration  or  security  gaps.  ■ 


•  Why  he  returned 
to  3Com. 

•  What  the  Huawei 
buyout  means 
to  users. 

•  What  to  expect  from 
the  company  in  '07. 
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IBM  bets  on  social  networking 

a§  IBM/Lotus  is  betting  heavily  that  social  network¬ 
ing  software  will  be  a  boon  to  corporate  productiv¬ 
ity.  At  its  annual  Lotusphere  conference,  the  com¬ 
pany  unveiled  its  first  integrated  bundle  of  social 
networking  tools  slated  to  ship  later  this  year.  Lotus 
Connections  includes  blogging,  bookmark  sharing, 
user  profiles  and  software  to  track  activities  and 
build  online  communities.  In  addition,  IBM  show¬ 
cased  its  next  wave  of  tools  with  a  “social  software” 
pedigree  that  target  business  intelligence,  real-time 
communications  and  development  of  Web  2.0 
applications.  Though  some  observers  question  the 
management  and  training  challenges  corporations 
may  face  in  rolling  out  such  tools,  Erica  Driver,  prin¬ 
cipal  analyst  at  Forrester,  thinks  IBM  is  headed  in  the 
right  direction.“This  is  how  [younger  workers]  inter¬ 
act,  this  is  how  they  live.  Shortly  it  will  be  a  disad¬ 
vantage  for  companies  that  don’t  put  social  net¬ 
working  in  place,  because  these  tools  can  improve 
information  worker  productivity? 

Cisco  security  problems 

■  Cisco  last  week  warned  of  three  vulnerabilities 
within  its  IOS  software  that  could  allow  a  denial-of- 
service  attack  or  let  a  hacker  run  arbitrary  code  on 
an  affected  switch  or  router.  One  is  a  TCP  packet 
problem  related  to  a  memory  leak  in  certain  ver¬ 
sions  of  IOS.There’s  also  an  IPv6  router  header  vul¬ 
nerability,  and  a  bug  concerning  how  IOS  pro¬ 
cesses  IPv4  packets  with  a  specially  crafted  IP 
option.  The  U.S.  Computer  Emergency  Readiness 
Team  warns  that  all  three  vulnerabilities  could 
cause  a  device  to  reload  its  operating  system. This 
could  cause  a  secondary,  sustained  DoS  condition 
because  packets  won’t  go  through  the  device. 
Cisco  has  published  workarounds  and  issued  an 
updated  version  of  the  software. 

NIST  competition  kicks  off 

ffl  The  National  Institute  of  Standards  and 
Technology  last  week  announced  a  public  competi¬ 
tion  to  pick  a  new  cryptographic  hash  algorithm  that 
will  become  the  new  federal  information  processing 
standard.  A  cryptographic  hash  algorithm  is  a  highly 
complex  math  formula  that  can  be  used  to  create 
digital  signatures  and  authenticate  data  to  ensure  it 
hasn’t  been  tampered  with. The  current  NIST  federal 
hash  standards  include  variations  of  the  Secure 
Hash  Algorithm, SHA-l,SHA-2,SHA-256,SHA-384  and 
SHA-512.  Because  cryptographic  researchers  have 
reported  serious  attacks  against  these  algorithms, 
NIST  will  start  what’s  expected  to  be  at  least  a  three- 
year  process  to  find  a  new  hash  standard  by  eliciting 
public  comment  and  submissions.  The  approach  is 
not  unprecedented:  NIST  carried  out  this  type  of 
evaluation  process  several  years  ago  to  find  the 
replacement  for  the  Digital  Encryption  Standard, 
which  after  a  lively  global  competition,  ended  with 
the  selection  of  the  now  widely  used  Advanced 
Encryption  Standard. 


Telecom  growth  healthy 

■  The  telecommunications  market  con¬ 
tinued  to  consolidate  throughout  2006, 
but  that  consolidation  proved  beneficial 
for  the  worldwide  telecom  industry 
which  grew  11.2%  in  2006  to  $3  trillion. 

The  Telecommunications  Industry 
Associations  reported  the  growth  in  its 
annual  market  review  and  forecast, 
released  last  week.  The  U.S.  market 
accounted  for  $923  billion  in  revenue, 
an  increase  from  $845  billion  in  2005. 

Growth  in  the  United  States  is  in  part 
caused  by  bundled  offerings  from  incumbent 
providers  and  cable  competitors.  Other  drivers 
include  greater  numbers  of  residential  users  adopt¬ 
ing  VoIP  and  a  surge  in  wireless  data  usage. 
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“The  information  technology 
business  as  it  pertains  to  large 
businesses  has  become  a  lot  of 
maintenance.” 

Dave  Girouard,  general  manager  of  enterprise  business,  Google 

See  story  at  www.nwdoGfinder.com/7142 


TheGoodTheBadTheUgly 

<  Carriers:  Cell  phones  are  safe,  a 

four-year  study  of  cellular  telephone  base  stations  has 
found  their  transmissions  pose  no  risk  to  human  health. 
One  not-so-surprising  caveat:  Mitsubishi  Chemical  Safety 
Institute  carried  out  the  study  for  Japan's  three  largest 
cellular  carriers:  NTT  DoCoMo,  KDDI  and  Softbank 
Mobile. 

Google  laments  complexity.  Speaking 

in  Boston  last  week  at  the  Mass  Technology  Leadership 
Council’s  annual  meeting,  Google's  Dave  Girouard  said 
the  "insane  complexity"  of  technology  is  leading  companies  to  spend 
75%  to  80%  of  IT  budgets  simply  maintaining  the  systems  they 
already  have. 

U.S.  cities  not  so  smart.  For  the  second  year  run¬ 
ning,  no  U.S.  city  has  made  the  list  of  the  world's  top  Intelligent 
Communities  of  2007,  as  selected  by  global  think  tank  Intelligent 
Community  Forum.  The  ICF  selects  its  list  based  on  how  advanced  the 
communities  are  in  deploying  broadband,  building  a  knowledge-based 
workforce,  combining  government  and  private-sector  digital  inclusion, 
fostering  innovation  and  marketing  economic  development. 


devices  forming  peer-to-peer,  meshed  networks, 
where  individual  antennas  could  form  a  much 
larger,  virtual  multi-antenna  system. “Every  device 
will  have  intelligence  for  discovery,  routing  and 
relaying  information  for  others”  in  the  network, 
Tuninetti  says. 


Ashcroft  advises  software  company 

■  A  company  advised  by  former  U.S.  Attorney 
General  John  Ashcroft  is  selling  software  designed  to 
detect  internal  fraud  and  help  companies  comply 
with  Sarbanes-Oxley  requirements.  D2C  Solutions, 
founded  as  a  consulting  firm  in  2000,  reinvented  itself 
as  a  software  company  one  year  ago.  The  company’s 
risk  and  compliance  management  software  for  ERP 
systems  tracks  user  access  to  financial  systems  to 
make  sure  employees  don’t  gain  unauthorized 
access  that  could  let  them  commit  fraud.  As  a  paid 
adviser  to  D2C,  Ashcroft  “provides  us  guidance  on  his 
understanding  of  the  state  of  the  market,  what  our 
products  need  to  be  doing  to  help  customers,  and 
helping  us  figure  out  the  best  way  to  position  our 
product  in  the  eyes  of  regulatory  agencies,"  says  D2C 
President  Waters  Davis. 

A  new  way  to  look  at  interference 

■  A  University  of  Illinois  researcher  is  trying  the 
wireless  equivalent  of  making  a  silk  purse  out  of 
a  sow’s  ear.  The  National  Science  Foundation  has 
awarded  Daniela  Tuninetti  a  five-year,  $400,000 
grant  to  explore  ways  of  using  radio  interference 
to  improve  wireless  communications.  Inter¬ 
ference  is  not  a  random  phenomenon;  it’s  a  com¬ 
munication  between  two  radios,  with  a  structure, 
“and  it  can  be  exploited,” says  Tuninetti,  who  is  an 
assistant  professor  of  electrical  and  computer 
engineering  at  the  university’s  Chicago  campus. 
She  envisions  a  group  of  client  devices  coopera¬ 
tively  monitoring  the  radio  environment  and 
sharing  power,  signal  strength,  signal  processing 
and  other  resources  to  enable  and  support  opti¬ 
mal  communications.  She  foresees  handheld 


PCs  eclipsing  spouses 

■  Having  trouble  remembering  you’re  married? 
Forget  what  your  significant  other  looks  like? 
There  might  be  a  good  reason  for  that:  65%  of  PC 
users  spend  more  time  with  their  home  computer 
than  their  spouse  or  significant  other,  according 
to  a  recent  study.  People’s  increasing  dependence 
on  technology  is  partly  to  blame,  according  to 
industry  research  firm  Kelton  Research,  which 
conducted  the  survey  of  1,000  American  adults 
with  a  PC  and  broadband  Internet  access.  In  the 
Cyber  Stress  study,  84%  of  respondents  say  they 
are  more  dependent  on  their  PCs  “in  their  every¬ 
day  lives”  than  they  were  three  years  ago.  The 
study  also  found  that,  while  PC  users  admit  to 
making  quality  time  with  their  desktops  a  priority 
over  human  interaction,  it’s  not  always  fun.  The 
average  survey  respondent  reported  experiencing 
computer  problems  eight  times  over  the  past 
three  years.  Roughly  half  of  those  polled  said 
computer  problems  incited  feelings  of  “anger,  sad¬ 
ness  or  alienation.” 

hm  COMPENDIUM 

What  will  Google  kill  today? 

Paul  Browne  recently  declared  that  Google 
Spreadsheets  will  mean  the  end  of  Java. 

Google  provides  a  host  of  other  things  it’s 
supposedly  going  to  kill,  including:  Microsoft, 
eBay,  book  publishers, TV,  libraries  and  all  of 
us.  Read  more  at 
www.nwdocfinder.com/7141. 


LURKING  IN  THE  EMPTINESS  THAT  MAKES  UP  70%  OF  YOUR  SERVER  STACKS. 


Discover  SUSE®  Linux  Enterprise  Server  10  from  Novell®.  Infrastructure  for  innovation!” 

It’s  the  infrastructure  you  need  to  harness  the  innovation  you’re  losing  managing  server  sprawl.  With  built-in 
virtualization,  advanced  clustering  capabilities  and  more  enterprise  applications,  all  fully  secure  and  fully 
supported,  SUSE  Linux  Enterprise  Server  10  makes  consolidating  servers  easy  and  affordable.  So  you  can 
fill  fewer  servers  with  more  performance.  Just  one  more  piece  of  the  Open  Enterprise:  all  the  infrastructure 
it  takes  to  innovate. 


Innovate  today  at  www.novell.com/linux 


Novell. 

This  Is  Your  Open  Enterprise.  " 


Copyright  ©2006  Novell,  Inc.  All  rights  reserved.  Novell,  the  Novell  logo,  and  SUSE  are  registered  trademarks  and  This  Is  Your  Open  Enterprise  and  Infrastructure  (or  innovation  are  trademarks  ot  Novell, 
Inc.  in  the  United  States  and  other  countries.  'Linux  is  a  registered  trademark  of  Linus  Torvalds.  All  third-party  trademarks  are  the  property  of  their  respective  owners. 


BLOGOSPHERE 

Would  you  trust  this  company? 

Plus:  Easier  Linux,  cleaner  sound  and  better  fingerprinting 


Would  you  trust  this  company?  Says  Paul 
McNamara  in  Buzzblog:“So  what  would  you  say 
if  I  asked  you  to  input  your  Social  Security  and 
credit  card  numbers  into  this  handy-dandy 
search  box  on  my  Web  site  and  then  I’ll  go  scan 
the  Internet  to  make  sure  that  your  personal  info 
hasn’t  already  fallen  into  the  hands  of  identity 
thieves?  You  say  you’d  sooner  set  your  hair  on 
fire  and  let  me  put  it  out  with  an  ice  pick?”  That’s 
the  idea  behind  a  new  service  called  StolenlD 
Search,  www.nwdocfinder.com/7148 

Linux  getting  easier.  James  Gaskin  relays  the 
news  that  Linspire  will  be  allowing  access  to  its 
CNR  (Click-n-Run)  application  warehouse  for 
free  and  will  work  with  major  Linux  providers  to 
make  CNR  a  one-click  installation  resource  for 
many  Linux  operating  systems.  Writes  Gaskin, 
“Windows  wins  the  easy  application  installation 
race  against  Linux  almost  every  time,  but  that 
may  change  with  this  new,  and  welcomed,  coor¬ 
dination  and  collaboration  among  Linux  ven¬ 


dors.  www.nwdocfinder.com/7149 

The  portable  sound  studio.  If  you’re  on  the 
road  but  still  need  to  record  that  all-important 
podcast,  how  do  you  block  out  ambient  noise 
that  could  make  the  podcast  sound  amateurish? 
Multimedia  Exchange’s  Jason  Meserve  and 
Brian  Wood,  the  sound  guy  found  an  article  for 
building  a  portable  sound  studio.  Brian’s  going 
to  build  one, and  Jason  will  publish  the  results  of 
their  tests  in  his  blog,  www.nwdocfinder 
.com/7150 

Building  a  better  fingerprint.  The  Alpha 
Doggs  blog  reports  on  research  into  biometric 
authentication  devices,  and  the  research  is  actu¬ 
ally  pretty  basic.  They’re  asking  questions  like, 
what’s  the  best  height  for  a  work  surface  used  for 
a  fingerprint  sensor?  The  answer  is  twofold:  36 
inches  yields  the  fastest  results,  and  26  inches 
yields  the  best  image  quality,  www.nwdocfind 
er.com/7151 
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mo  Hot  Seat  into  views,  the  coolest  tools  and  more 


PEERSAY 

From  our  online  forums 

m  Dumb  cities?  A  list  of 
"intelligent"  cities  that  didn’t 
include  any  in  the  United 
States  got  readers  talking. 
What  about  Cambridge,  Mass? 
Or  Cleveland?  Cleveland 
ranked  above  Cambridge, 
apparently. 

www.nwdocfinder.com/7133 

n  The  naked  truth  about 
teleworkers.  Do  you  work  at 
home  in  the  nude?  The  owner 
of  a  nudist  colony  in 
California  writes  in:  “I  have 
known  about  this  phenome¬ 
non  for  years.  I  would  say 
80%  of  our  guests  bring  their 
laptops  here  and  work  at  the 
poolside  nude.  They  all  com¬ 
ment  that  it  is  the  most  fun 
part  of  having  to  be  plugged 
into  the  office.  And  our 
guests  all  say  when  they  are 
at  home  working  and  the  kids 
aren't  around,  they  work  nude. 
It  gives  them  a  feeling  of  free¬ 
dom  for  being  forced  to  work 
on  their  own  time.” 
www.nwdocfinder.com/7134 

■  RDBMS  vs.  LDAP.  A  reader 
wonders:  “Which  one  is  better 
when  I  need  reporting  on  the 
stored  data?” 

www.nwdocfinder.com/7135 

■  The  10  network-iest 
movies  of  all  time.  We  post 
ed  our  list;  readers  can't 
believe  what  we  left  off: 
Where’s  “The  Lawnmower 
Man"?  HAL  from  “2001:  A 
Space  Odyssey?"  And,  of 
course,  "Tron."  Not  to  mention 
"Minority  Report,"  the  Tom 
Cruise  movie  in  which  every¬ 
one  walks  by  a  store  and  some 
hologram  knows  their  name, 
RFID  at  its  finest" 
www.nwdocfinder.com/7136 


nww.com 

Cisco  subnet 

Check  out  Network  World's  new  Cisco 
subnet,  the  independent  voice  for  Cisco 
customers.  Our  editors  scour  the  Web 
for  the  most  important  Cisco-related 
news,  blogs,  security  alerts  and  more 
—  all  presented  on  one  page. 
www.cwdocrinder.cea/7073 


Hot  Seat: 

Think  like 
a  hacker. 

Ajit 

Sancheti 
explains  why  Mu  Security’s 
zero-day  vulnerability  scan¬ 
ners  can  help  you  root  out 
potential  flaws  before  they 
become  a  problem. 
www.nwdocfinder.com/71 44 


Cool  Tools: 

CES  wrap- 
up. 

Catch  up 
on  all  of 
Keith  Shaw's  coverage 
from  CES:  six  videos  that 
dig  up  the  best  gems  from 
the  world  of  consumer  elec¬ 
tronics. 

www.nwdocfinder.com/71 45 


Twisted  pair: 

Stay  away 
from  mon¬ 
key  roses. 

Jason 

|  Meserve  and  Keith  talk  about 
j  the  latest  Cisco  IOS  vulner- 
j  abilities,  the  European  Storm 
j  Worm  outbreak,  and  why 
i  your  spouse  should  be  more 
|  important  than  your  PC. 
i  www.nwdocfinder.com/7146 


BEST  OF  NW’S 

AT&T  unifies 
wireless,  wire- 
line  calling 

Plus:  A  world  with  no 
wires;  HP  claims  chip 
breakthrough 

Convergence  &  VoIP: 

Analysts  Steve  Taylor  and  Larry 
Hettick  report  on  Unity,  AT&T’s 
program  of  unlimited  free  call¬ 
ing  between  its  wireless  and 
wireline  phone  subscribers. 
www.nwdocfinder.com/7128 

Wireless  in  the  enterprise: 

Imagine  when  all  the  network 
cables  in  your  organization 
have  disappeared.  Could  it  ever 
happen?  Editor  Joanie  Wexler 
reports. 

www.nwdocfinder.com/7129 

Network  access  control: 

Senior  Editor  Tim  Greene  looks 
at  Fortinet’s  plans  to  release  an 
enterprise  access  switch  that 
enforces  NAC  policies  plus 
other  security  functions. 
www.nwdocfinder.com/7130 

Servers:  Senior  Editor  Deni 
Connor  details  HP’s  chip-archi¬ 
tecture  technology,  which  the 
company  claims  dramatically 
increases  performance  and 
reduces  power  consumption. 
www.nwdocfinder.com/7131 

Identity  management:  RSA 

develops  a  new  authentication 
factor  that  involves  somebody 
you  know.  Writer  Dave  Kearns 
explains  how  it  works. 

www.nwdocfinder.com/7132 

Linux:  Senior  Editor  Phil 
Hochmuth  reports  about  a  tool 
that  is  available  for  Linux 
administrators  interested  in 
Security  Enhanced  Linux,  but 
they  are  hesitant  to  deploy  the 
technology  because  of  its  com¬ 
plexity. 

www.nwdocfinder.com/7153 


Free  e-mail  newsletters 

Sign  up  for  any  of  more  than  40 
newsletters  on  key  network  topics. 

www.nwdocfinder.com/1 002 


ASK  THE 

ELPDESK  Find  the  answers  to  these  prickly  problems  online. 

■  This  week:  Protecting  DNS  servers  from  hackers. 


Ron  Nutter  helps  a  user  protect  his  DNS 
servers  from  hackers. 

Help  Desk  response: 
www.nwdocfinder.com/7137 


Robin  Gareiss  looks  at  implications  for  the 
branch  office  of  Microsoft/Nortel’sVoIP  plan. 

Help  Desk  response: 
www.nwdocfinder.com/7139 


Mike  Karp  looks  at  the  latest  version  of  IBM’s 
Tivoli  Storage  Manager. 

Help  Desk  response: 
www.nwdocfinder.com/7138 


M.E.  Kabay  ponders  some  age-old  challenges 
of  identity  management. 

Help  Desk  response: 
www.nwdocfinder.com/7140 


THE  NEW  COLOR  OF  NETWORK  SECURITY. 


Firewall/VPN  Anti-Virus  Anti-Spyware  Intrusion  Prevention  Anti-Spam  Web  Filtering  Mail  Server  High  Availability  IM/P2P  Control 


eSoft  takes  the  complexity  out  of  network  security 


eSoft 


Simply  better  network  security.™ 


From  the  Gateway  to  the  Desktop,  Spam  to  Spyware, 
eSoft’s  award-winning  InstaGate™  Unified  Threat 
Management  (UTM)  and  ThreatWall™  Secure  Content 
Management  (SCM)  platforms  have  brought  new 
levels  of  simplicity  and  protection  to  thousands  of 
organizations  worldwide. 

Sign  up  today  for  a  free  half-hour  security  assessment 
with  one  of  our  experts:  www.esoft.com/white 
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VoIP 

continued  from  page  1 

and  TowerBrook  Capital  Partners. 

What  it  offers:  Technology  for  core  and 
peripheral  support  of  IP  communications, 
including  media  servers,  speech  recogni¬ 
tion  software,  enhanced  IP  services  soft¬ 
ware,  and  combination  IP 
and  TDM  voice  signaling. 

Why  company  is  worth 
watching:  It  can  provide 
products  that  will  become 
more  sought-after,  as  large 
corporations  and  service 
providers  adopt  VoIP  and 
need  to  revise  their  infrastructure. 

How  it  got  its  start:  The  merger  of 
Brooktrout  Technology  and  Excel 
Switching. 

Who  uses  the  product:  Alcoa,  Bank  of 
America,  Comcast, Verizon. 

■  DiVitas  Networks 

Founded:  2005 

CEO:  Vrvek  Khuller,  formerly  with  Clear- 
stone  Venture  Partners,  Sycamore  Networks 
and  Verizon. 

Headquarters:  Mountain  View,  Calif. 

Funding:  $23  million  from  Clearstone 
Venture  Partners  and  private  investors. 

What  it  offers:  Mobility  Communication 
Platform,  an  appliance  that  combines  VoIP 
security  wireless  LAN  (WLAN)  switching 
and  cellular  connectivity  for  Vo-Fi-to-cellu- 
lar  roaming.  The  product  is  not  yet  avail¬ 
able. 

Why  company  is  worth  watching:  Fixed- 
mobile  convergence  is  being  identified  as 
the  next  big  technology  challenge  for  enter¬ 
prises  and  carriers.  DiVitas  says  its  product 
someday  could  let  businesses  give  employ¬ 
ees  a  single  device  for  all  communications. 

How  it  got  its  start:  Khuller  was  a  venture 
capitalist  who  came  up  with  the  idea  to 
create  the  company,  then  shifted  over  to 
running  it. 

Who  uses  the  product:  So  far,  WLAN  ven¬ 
dors  Trapeze,  Symbol  and  AirMagnet  have 
announced  partnerships  with  DiVitas,  but 
the  company  keeps  information  about  its 
enterprise  beta  customers  close  to  the  vest. 

ts  Vonexus 

Founded:  2004 

President:  Jerry  Fleming,  former  executive 
vice  president  of  Interactive  Intelligence, 
the  parent  company  of  Vonexus. 

Headquarters:  Indianapolis 

Funding:  Privately  backed  by  Interactive 
Intelligence. 

What  it  offers:  An  all-software  IP  PBX  cus¬ 
tomized  for  Microsoft  networks. 

Why  company  is  worth  watching:  The 
company  says  its  Enterprise  Interaction 
Center  breaks  apart  the  traditional,  central¬ 
ized  call-center  model  and  makes  customer 
service  operations  less  expensive  to  run  and 
easier  to  manage.  EIC  uses  Session  Initiation 
Protocol  (SIP)-based  software  clients,  which 


provide  a  telephony  interface  and  access  to 
other  Microsoft-based  applications. 

How  it  got  its  start:  Spun  off  from  Inter¬ 
active  Intelligence,  which  makes  large- 
enterprise  contact  center  software. 

Who  uses  the  product:  Broyles  Kight  & 
Ricafort  (law  firm),  Dupaco  Community 
Credit  Union. 

■  Fonality 

Founded:  2003 
CEO:  Chris  Lyman  previ¬ 
ously  founded  Virtualis,  a 
Web  hosting  company, 
which  he  sold  to  Alle¬ 
giance  Telecom,  where  he 

was  a  manager. 

Headquarters:  Los  Angeles 

Funding:  $5  million  from  Azure  Capital 
Partners. 

What  it  offers:  PBXtra,  a  prepackaged, 
Asterisk-based  IP  PBX;  and  Trixbox,  a  small- 
office  VoIP  system  with  optional  open 
source  packages,  such  as  SugarCRM, 
Apache  Web  server  and  other  software,  inte¬ 
grated  with  telephony 

Why  company  is  worth  watching:  AMI 
Partners  research  says  the  small  and  mid¬ 
size  business  (SMB)  VoIP  market  will  reach 
$4.5  billion  by  2008,  and  Fonality  is  target¬ 
ing  this  market. 

How  it  got  its  start:  Before  Fonality  CEO 
Lyman  was  looking  for  a  phone  system  for 
his  previous  business  as  a  residential  VoIP 
provider  and  decided  to  build  his  own. 

Who  uses  the  product:  U.S.  Network 
Management,  an  IT  consulting  firm,  other 
telecom  channel  partners. 

■  Four  Loop  Technologies 

Founded: 2003 

CEO:  CEO  Joshua  Stephens  was  an  engi¬ 
neer  with  Vivendi,  where  he  developed 
multimedia  access  technology;  he  previ¬ 
ously  had  worked  at  Qualcomm,  where  he 
helped  develop  the  Eudora  e-mail  system. 

Headquarters:  San  Diego 

Funding:  Private,  amount  not  disclosed. 

What  it  offers:  Switch  Vox,  an  IP  PBX  and 
messaging  application  platform  based  on 
the  Asterisk  open  source  telephony  server. 

Why  company  is  worth  watching:  While 
large  VoIP  deployments  make  headlines,  a 
majority  of  business  telephones  installed 
are  in  SMBs.  Switch  Vox  says  it  has  an  inex¬ 
pensive,  reliable, simple-to-use  VoIP  package. 

How  it  got  its  start:  SwitchVox’s  inven¬ 
tors,  two  multimedia  technologists  from 
the  merged  Vivendi  Universal/MP3.com, 
wanted  to  create  a  simple,  open  source- 
based  VoIP  server. 

Who  uses  the  product:  SMB-focused 
IT/telephony  channel  partners. 

■  NewStep  Technology 

Founded:  2003 

CEO:  Neil  Baimel,  former  CEO  of 
Syndesis,  maker  of  service-fulfillment  soft¬ 
ware  for  service  providers. 

Headquarters:  Toronto 


Funding:  $11.7  million  from  Vengrowth 
Private  Equity  Partners. 

What  it  offers:  Hardware  and  software  that 
broker  signaling  among  disparate  commu¬ 
nications  networks  to  facilitate,  for  instance, 
linking  traditional  PBX  calls  to  Wi-Fi  hand¬ 
sets  within  businesses. 

Why  company  is  worth  watching:  As  busi¬ 
nesses  convert  to  IRthis  will  enable  expand¬ 
ing  connections  to  IP  phones,  softphones 
and  various  handheld  devices,  as  well  as 
traditional  phones,  without  forklifting  cur¬ 
rent  hardware. 

How  it  got  its  start:  It  spun  off  from  Bell 
Canada. 

Who  uses  the  product:  Embarq. 

■  Sipera 

Founded:  2003 

CEO:  Seshu  Madhavapeddy  who  joined  in 
2005,  was  co-founder  of  Spatial  Wireless 
(acquired  by  Alcatel  for  $300  million  in 
2004),  and  is  entrepreneur-in-residence  at 
venture  capital  outfit  Austin  Ventures. 

Headquarters:  Richardson, Texas 

Funding:  $19.5  million  from  Austin 
Ventures,  Star  Ventures  and  others. 

What  it  offers:  Sipera  Internet  Protocol 
Communications  Security  (IPCS)  boxes 
provide  firewall  and  threat-protection  ser¬ 
vices  specific  to  VoIP  networks  and  proto¬ 
cols,  such  as  H.323,  SIP  Cisco’s  SCCP  and 
other  technologies. 

Why  company  is  worth  watching:  Some 
analysts  say  VoIP  technology  is  ripe  for  the 
picking  by  hackers  and  malware  crafters.As 
enterprises  convert  PBXs  to  server-based 
VoIP  systems,  and  consumers  cut  their  cop¬ 
per  plain  old  telephone  service  lines  for 
VoIP  protecting  traffic  will  become  increas¬ 
ingly  important. 

How  it  got  its  start:  Founder  and  CTO 
Krishna  Kurapati  sold  IPCell  Technologies 
to  Cisco  for  $213  million  in  2000,  then 
pulled  together  a  team  of  engineers  to 
begin  work  on  enterprise  VoIP  security  out 
of  a  one-bedroom  apartment  in  Dallas. 

Who  uses  the  product:  Goldsmith-Agio- 
Helms,  a  Minneapolis-based  private  invest¬ 
ment  bank,  and  Avaya.  Nortel  has 
announced  interoperability  with  IPCS. 

■  FirstHand  Technologies 

Founded:  2002 

CEO:  David  Hattey,  former  3Com  vice 
president  in  charge  of  enterprise  VoIP  gear. 

Headquarters:  Ottawa 

Funding:  $16.5  million  through  three 
rounds  from  BDC  Venture  Capital,  Coving¬ 
ton  Capital,  Skypoint  Capital,  Venturelab 
Partners. 

What  it  offers:  Software  that  extends  PBX 
functions  to  handheld  devices. 

Why  company  is  worth  watching:  Its 
products  will  help  companies  integrate 
VoIP  with  their  Wi-Fi  networks  and  com¬ 
mercial  wireless  services  to  broaden  the 
reach  of  corporate  PBXs. 

How  it  got  its  start:  Alain  Mouttham 
licensed  critical  technology  from  Columbia 


University  to  kick  off  the  company 

Who  uses  the  product:  OneConnect, 
Nortel. 

■  SyncVoice 

Founded:  2001 

CEO:  Stephen  Rizzone,  former  CEO  of  IP3 
Networks,  a  maker  of  network-access  appli¬ 
ances  that  was  bought  by  Second  Rule  LLC. 

Headquarters:  Costa  Mesa,  Calif. 

Funding:  $4  million  Series  A  funding  from 
Clearstone  Venture  Partners  and  Hummer 
Winblad  Venture  Partners. 

What  it  offers:  VXTracker  management 
software  for  unifying  management, security 
and  performance  of  hybrid  voice  networks. 

Why  company  is  worth  watching:  As  busi¬ 
nesses  make  the  transition  to  VoIRthey  will 
be  faced  with  multivendor  environments  in 
which  an  overriding  management  platform 
can  serve  as  a  time-  and  cost-saving  tool. 

How  it  got  its  start:  Through  working  on 
voice  networks,  company  founder  Kerry 
Shih  found  there  were  no  tools  to  manage 
voice  to  IT  standards,  so  he  created  one. 

Who  uses  the  product:  Grant  Thornton. 

■  Pingtel 

Founded:  1999 

CEO:  William  Rich,  formerly  a  venture 
capitalist  with  St.  Paul  Venture  Capital; 
before  that,  he  had  been  CEO  ofVocalData, 
a  maker  of  feature  servers  for  service 
providers. 

Headquarters:  Woburn,  Mass. 

Funding:  $15  million  from  Vesbridge 
Partners  and  SAIC  Venture  Capital  since 
2004,  when  the  company  reformed  to  focus 
on  IP  PBXs. 

What  it  offers:  A  SIP  PBX  called 
SIPxchange  that  is  based  on  open  source 
software. 

Why  company  is  worth  watching:  The 

company’s  open  source  IP  PBX  offers  busi¬ 
nesses  low-cost  entry  to  VoIP  and  the  ability 
to  customize  features  in-house. 

How  it  got  its  start:  The  company  recast 
itself  in  2004  as  the  creator  of  an  open 
source  IP  PBX  company 

Who  uses  the  product:  Amazon.com, 
Earthlink,  Houghton  College.  ■ 


More  VoIP  online 

Take  a  look  at  our  exclusive  online 
package,  which  includes: 

David  Endler.  chairman  and  founder  of  the 
VoIP  Security  Alliance,  as  well  as  director  of 
security  research  for  TippingPoint,  talking 
about  VoIP  threats  and  what  you  can  do  to 
protect  your  company. 

VoIP  tips:  Our  recommendations  on  how  to 
save  money  and  protect  your  VoIP  nets. 

Top  5  Big  VoIP  vendors:  We  take  a  look  at 
established  companies  with  big  VoIP  activities: 
eBay,  Google,  IBM,  Microsoft  and  Oracle. 

www.nwdocTinder.Goni/7156 
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Security 

continued  from  page  1 

“All  the  merchants  are  required 
to  comply  with  the  PCI  data-secu- 
rity  standards  or  face  fines,”  says 
Rob  Tourt,  vice  president  of  net¬ 
work  services  at  Discover.  Yet 
adoption  of  PCI  DSS  is  not  wide¬ 
spread,  Tourt  admits,  though  he 
wouldn’t  disclose  exact  figures. 

To  improve  compliance,  Dis¬ 
cover  is  getting  more  aggressive 
and  working  individually  with  cer¬ 
tain  merchants  to  make  sure  they 
get  through  the  12-point  security 
plan,  which  covers  firewalls,  vul¬ 
nerability  assessment  and  encryp¬ 
tion,  among  other  requirements. 

Discover  isn’t  alone  in  striving  to 
turn  PCI  DSS  into  more  than  a 
paper  tiger.  Visa,  which  works 
more  directly  with  acquiring 
banks  than  with  merchants,  also  is 
trying  to  shore  up  low  merchant 
adoption  numbers. 

Visa’s  new  approach  calls  for 
levying  punitive  fines  on  banks 
that  fail  to  get  their  merchant  cus¬ 
tomers  to  comply  with  the  PCI 
standard  —  while  promising 
multimillion-dollar  incentive 
packages  for  banks  that  prod  their 
largest  customers  into  complying. 

The  broader  goal  is  to  stem  the 
hemorrhage  of  sensitive  customer 
card  data  lost  in  recent  security 
incidents,  including  the  data 
breach  acknowledged  earlier  this 
month  by  TJX  Companies,  which 
operates  retail  chains  including 
T.J.  Maxx  and  Marshalls. 

The  $16  billion  Framingham, 
Mass.,  retailer  won’t  divulge 
whether  it  complies  with  PCI  DSS, 
despite  the  fact  that  Gary  Critten¬ 
den,  the  executive  vice  president 
and  CFO  at  American  Express,  sits 
on  the  TJX  board. 

American  Express  is  one  of  the 
five  payment-card  companies  that 
last  September  founded  the  PCI 
Security  Standards  Council,  which 


nww.com 

Network  World  event 

As  security  moves  “up  the  stack,"  the 
focus  shifts  to  content,  apps,  data  and 
“defense-in-depth"  architecture.  Learn 
how  to  structure  your  security,  close  vul¬ 
nerabilities  and  respond  to  attacks. 

Attend  IT  Roadmap:  Boston  for  free  on 
March  6.  To  qualify  go  to: 
www.nwdocfmder.coni/6844 


issues  the  PCI  security  standard. 
The  other  four  founding  members 
are  Discover,  JCB,  MasterCard  and 
Visa. 

PCI  DSS  too  tough? 

The  latest  version  of  the  stan¬ 
dard,  PCI  DSS  Version  1.1,  includes 
about  200  detailed  network  and 
physical  security  requirements  the 
council’s  founders  say  they  want 
to  see  become  the  norm  for  pro¬ 


tecting  payment-card  information. 

“We  want  to  work  together  to 
drive  things  forward,”  says  Seana 
Pitt,  chair  of  the  PCI  Security 
Standards  Council  and  a  vice  pres¬ 
ident  at  American  Express.“This  is 
the  first  time  the  five  competing 
brands  have  come  together” 

The  standard  also  includes  pro¬ 
visions  for  “compensating  con¬ 
trols”  that  let  organizations  pro¬ 
pose  alternative  solutions  if  they 
can’t  reasonably  meet  a  particular 
requirement,  such  as  using  en¬ 
cryption  to  render  cardholder 
data  unreadable. 

“For  older  retailers  with  main¬ 
frame  systems  from  the  ’70s,  this 
may  be  difficult  to  do,”  Pitt  says.“If 
you  have  a  business  or  technical 
challenge,  the  compensating  con¬ 
trol  is  a  way  to  demonstrate  how 
to  secure  that  data  through  alter¬ 
native  methods.” 

In  spite  of  such  allowances,  PCI 
DSS  adoption  lags  among  mer¬ 
chants  that  tend  to  ignore  the  re¬ 
quirements  until  they  face  pun¬ 
ishment  for  noncompliance, 
some  industry  sources  say 

Visa,  which  wouldn’t  disclose 
how  many  of  the  24  million  Visa 
card-accepting  merchants  world¬ 
wide  are  compliant,  says  it  is 
focused  on  working  with  acquir¬ 
ing  banks  to  get  Level  1  and  Level 
2  merchants  —  which  account  for 
nearly  two-thirds  of  Visa’s  U.S. 
transaction  volume  —  to  comply 

Current  PCI  compliance  among 
the  230  Level  1  merchants,  which 
process  more  than  6  million  card 
transactions  per  year,  is  36%,  Visa 
says.  Among  Level  2  merchants, 


which  process  between  1  million 
and  6  million  card  transactions, 
compliance  is  15%. 

As  part  of  its  carrot-and-stick 
approach, Visa  is  investing  $20  mil¬ 
lion  in  an  incentive  fund  payable 
to  the  financial  institutions  of  the 
largest  U.S.  merchants  that  have  al¬ 
ready  or  will  validate  PCI  compli¬ 
ance  by  the  end  of  August.  Con¬ 
versely  banks  risk  fines  of  $5,000 
to  $25,000  per  month  for  failing  to 


get  Level  1  merchants  on  track  by 
August  and  Level  2  merchants  on 
track  by  year-end. 

Other  fines  also  could  apply 
such  as  $10,000  per  month,  per 
merchant,  for  storing  prohibited 
types  of  card  information.  Visa 
says  it  levied  $4.6  million  in  fines 
last  year,  up  from  $3.5  million  the 
year  before. 

A  priority  for  some 

Some  businesses  that  process 
card  payments  say  they  take  the 
PCI  DSS  mandate  seriously 

Boddie-Noell  Enterprises,  which 
operates  385  restaurants  and 
stores,  is  focused  on  attaining  PCI 
DSS  compliance  as  a  Level  1  mer¬ 
chant.  The  challenge  is  that 
Level  1  certification  requires 
some  changes  in  its  data  center. 
“This  really  impacts  how  you 
design  your  network,”  says  Adam 
Ipock,  senior  director  of  IS  at  the 
Rocky  Mountain,  N.C.,  company 

For  example,  to  satisfy  one  part 
of  PCI  certification,  Boddie- 
Noell  determined  it  would  need 
to  add  VPN  equipment,  and 
probably  more  staff,  to  link 
point-of-sale  (POS)  devices  in  its 
restaurants  and  stores,  says  Bob 
Larimer,  the  company’s  director 
of  network  computing. 

Instead  of  tackling  the  issue  in- 
house,  Boddie-Noell  is  turning  to 
an  outsourcing  partner.  Contin¬ 
gent  Network  Services  of  Cincin¬ 
nati  is  providing  the  VPN  and  fire¬ 
wall  support  to  cover  PCI  require¬ 
ments  to  encrypt  card  data  travel¬ 
ing  from  POS  terminals  over  the 
wide-area  network. 


Putting  encryption  technologies 
in  place  also  has  been  a  priority 
for  Communications  Data  Ser¬ 
vices  (CDS),  a  division  of  Hearst 
that  carries  out  data  processing 
on  behalf  of  magazine  publishers. 

“We  are  covered  under  the  PCI 
requirements  for  about  20  mil¬ 
lion  credit  cards,”  says  Paul 
McCarthy  a  CDS  vice  president. 
“All  the  credit  card  information 
in  our  files  is  encrypted.” 

CDS  also  uses  Palisade  Systems’ 
data-leak  prevention  gear  to  mon¬ 
itor  outbound  and  inbound  com¬ 
munications  with  business  part¬ 
ners  to  make  sure  card  data  is 
sent  securely 

An  inbound  transmission  “could 
come  from  some  marketing  com¬ 
pany  unaware  of  the  rules,  so  we 
quarantine  it  to  find  out  exactly 
where  it  came  from,”  McCarthy 
says.“Each  week  we  might  find  an 
Excel  spreadsheet  with  150  credit-  , 
card  numbers  exposed.” 

Security-assessment  firms 
accredited  by  the  PCI  Security 
Standards  Council  to  assist  in 
compliance  say  the  standard  is 
tough  but  necessary 

“It  goes  very  deep  into  the  way 
a  company  organizes  its  security 
says  Abe  Kleinfeld,  president  and 
CEO  of  scanning  vendor  nCircle. 
He  admits  the  standard  can  be 
burdensome  but  says  a  zero- 
tolerance  approach  is  necessary 
“because  we’ve  got  to  try  and 
prevent  these  data  breaches, 
which  are  happening  at  about 
one  per  week.” 

The  frequency  of  news  about 
data  breaches  could  soon  put  the 
card-processing  business  com¬ 
munity  in  the  hot  seat  with 
Congress.  The  new  chairman  of 
the  House  Financial  Services 
Committee,  Barney  Frank  CD- 
Mass.),  voiced  dismay  earlier  this 
month  over  the  TJX  breach,  and 
his  aides  suggested  he  might  con¬ 
sider  legislation  aimed  at  pay¬ 
ment-card  protection. 

Pitt  says  the  PCI  Security 
Standards  Council,  while  advocat¬ 
ing  adoption  of  PCI  DSS,  isn’t 
ready  to  push  for  it  to  become 
federal  law.“We  see  this  remaining 
a  robust  standard,”  Pitt  says.  ■ 


I  The  security  breach  at  TJX 
is  just  one  more  in  a  string  of 
breaches.  When  will  the  cor 
ner  office  hear  what  we're 
saying?  asks  Editor  in  Chief 
John  Dix.  Page  19 


We  want  to  work  to¬ 
gether  to  drive  things  for¬ 
ward. This  is  the  first  time 
the  five  competing  brands 
have  come  together.55 

Seana  Pitt ,  chair  of  the  PCI  Security 
Standards  Council  and  a  vice  president  at 
American  Express 
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WRT300N  Wireless-N  Broadband  Router 


You've  experienced  the  convenience  and  mobility  of  wireless 
networking;  now  you're  ready  to  move  beyond  just  sharing  a 
high  speed  Internet  connection. 

Wireless-N  is  the  next  generation  of  wireless  with  advanced 
radio  technology  that  increases  range  with  coverage  that 
virtually  eliminates  dead  spots.  Enhanced  security  protects 
your  network  from  outside  threats.  Your  network  will  be 
able  to  keep  up  and  move  with  you  as  you  access  files  and 
make  Internet  phone  calls— all  at  the  same  time  throughout 
your  home. 

•  Up  to  1 2x  faster  and  4x  the  range  of  standard 
Wireless-G 

•  Works  great  with  Wireless-G  and  -B  devices 

•  Easy  to  install  and  easy  to  use 


For  more  information  on  the  new  Linksys  Wireless-N 
products,  visit  www.Linksys.com,  or  call  1  -800-737-7201 . 


•  1 1 1  ■  1 1 1  • 
CISCO. 


Linksys  is  a  registered  trademark  or  trademark  of  Cisco  Systems,  Inc.  and/or  its  affiliates  in  the  U.S.  and  certain  other  countries. 
Copyright  ©  2007  Cisco  Systems,  Inc.  All  rights  reserved. 
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PRODUCTS,  SERVICES  AND  STRATEGIES  FOR 
TYING  TELEWORKERS  TO  THE  ENTERPRISE 


Telecommuters  gain  VoIP  options 


VoIP  and  the  teleworker 

Two  telephony  support  challenges,  and  how  some  IT  professionals  handle 
them  with  VoIP: 

Challenge  Approach 

Supporting  a  telecomuter  who  travels  frequently  IP  phones  could  be  deployed  at  the  teleworker's  workplace, 
between  home  and  workplace  offices.  and  his  home  office  could  be  programmed  to  accept  calls  at 

the  same  extension.  Alternatively,  a  laptop  with  a  softphone 
client  could  be  used. 

A  work-at-home  call  center  agent  needs  a  A  hybrid  approach  can  be  used,  in  which  call  routing,  signaling 

clear,  reliable  voice  link  that  never  drops,  and  features  are  handled  via  a  VPN-based  IP  link,  but  voice 

but  running  QoS  over  the  teleworker's  VPN  is  delivered  over  a  public  switched  telephone  network  or 
link  is  not  an  option,  permanent  digital  voice  circuit  to  the  teleworker’s  home. 


BY  PHIL  HOCHMUTH 

Telecom  and  IT  administrators  charged 
with  supporting  telecommuters  have  as 
many  product  and  technology  options  as 
users  have  reasons  (or  excuses)  for  work¬ 
ing  from  home. 

Voice  is  the  lifeblood  technology  of 
telecommuters  —  more  so  than  e-mail, 
instant  messaging  or  any  other  means  of 
electronic  communications.  An  array  of 
VoIP  and  hybrid  IP  and  digital  technol¬ 
ogy  options  exist  for  tying  home-office 
workers  to  a  corporate  voice  system.  IT 
executives  should  consider,  however,  to 
what  extent  features  available  in  the 
office  should  be  available  to  those  at 
home,  and  at  what  cost. 

VPN  +  VoIP 

Using  a  combination  of  VPNs  and  VoIP  is 
becoming  a  standard  way  for  corporate  IT 
administrators  to  support  telephony  for 
work-from-home  employees.The  common 
approach  requires  two  well-established 
technologies:  remote-access  VPN  support, 
and  a  VoIP-enabled  or  pure-IP  PBX  in  the 
central  site.  Users  set  up  a  VPN-tunnel  ses¬ 
sion  between  their  home-office  PC  and 
the  corporate  network  via  a  standard 
access  technology,  such  as  IPSec  tunnel¬ 
ing  or  SSL  encryption. 

From  this  point,  connecting  home  users 
to  telephony  is  pretty  much  the  same  as 
linking  an  on-premises  cubicle  or  office, 
because  VPN  links  emulate  LAN  connec¬ 
tions  for  remote  users. 

The  easiest  and  fastest  way  to  set  up  a 
teleworker  phone  connection  is  to  deploy 
an  IP  softphone  on  the  user’s  laptop  or  PC. 
All  major  PBX  and  IP  PBX  vendors  have 
softphone  software  that  ties  into  a  corpo¬ 
rate  phone  system  extension  and  supports 
the  same  feature  set  as  a  desktop  phone  in 
an  office  does. 

Softphones  rule 

At  American  National  Bank  of  Texas,  25% 
to  30%  of  the  workforce  could  be 
equipped  with  work-at-home  capabilities 
in  the  next  few  years,  says  Kurt  Paige,  net¬ 
work  administrator  for  the  bankTNot  nec¬ 
essarily  for  working  from  home  full-time,” 
he  says.  “Employees  would  have  soft- 
phones  installed  on  notebooks,  so  they 
have  the  choice  to  work  either  in  the 
office  or  from  home.” 


The  bank  uses  softphones  from  Nortel 
that  tie  into  a  CS  1000  IP  PBX.A  Cisco  VPN 
concentrator  provides  remote-access  VPN 
links  for  voice  and  data. 

Softphones  are  the  preferred  approach 
for  supporting  teleworkers  because  voice 
and  data  are  combined  on  one  platform 

—  the  notebook  or  home  PC,  Paige  says. 

Teleworkers  whose  VPN  links  have 

decent  bandwidth  and  QoS  controls  even 
can  have  IP  hardware-based  phones 
deployed  in  a  home  office.  These  devices 

—  the  same  headsets  deployed  on  desk¬ 
tops  in  the  office  —  register  with  a  central 
PBX  or  IP  PBX  over  the  VPN  link  and  act  as 
regular  extensions  on  the  system. 

Hybrid  approach 

Most  makers  of  traditional  PBXs  based 
on  legacy  time-division-multiplexing 
technology  have  several  options  for 
extending  connectivity  to  a  home  office. 
Avaya,  Nortel,  Siemens,  NEC  and  others 
offer  a  simple  product  package  that  ties  a 
home  phone  into  a  corporate  PBX  (with 
the  help  of  PC-based  software  and  a  VPN 
link),  as  well  as  an  elaborate,  full 
telecommuter  package  complete  with  a 
desktop  hardphone. 

Avaya  and  Nortel,  for  example,  have  a 
telecommuter  option  in  their  IP  soft¬ 
phone  clients  that  lets  users  run  call  and 
access  features  from  the  softphone  appli¬ 
cation  but  use  a  landline  telephone  for 
voice  traffic. 

In  such  a  scenario,  calls  would  be 
placed  via  the  softphone  interface  on  a 
PC  —  connected  to  the  corporate  PBX  by 
a  VPN  link,  according  to  the  companies. 
When  an  external  call  is  placed,  the  PBX 
rings  the  user’s  landline  phone  (usually 
the  home  phone  number),  then  calls  the 
external  number  and  bridges  the  two 
lines  together. 

This  approach  could  help  teleworkers 
without  a  broadband  connection,  those 
whose  VPNs  don’t  support  QoS  for  VoIP 
traffic  and  those  who  run  data-intensive 
applications  over  their  VPN  links.  (Sig¬ 
naling  and  call-setup  traffic  can  run  over 
a  dial-up  link,  but  having  signaling  and 
VoIP  traffic  on  the  same  IP  link  usually 
requires  that  it  be  1Mbps  or  faster.)  Large 
file  downloads  or  frequent  server  trans¬ 
actions  could  cause  interference  when 
packets  of  a  VoIP  conversation  share  the 


same  pipe  as  data. 

Teleworkers  also  could  enter  a  mobile 
telephone  number  as  the  forwarding  line, 
letting  them  take  incoming  calls  from  co¬ 
workers  via  three-,  four-  or  five-digit  exten- 


BY  JENNIFER  MEARS 

Vrtual  Iron  Software  is  teaming  with 
rPath,  a  company  that  provides  the  plat¬ 
form  for  packaged  application  appliances, 
to  roll  out  so-called  virtual  appliances  — 
preconfigured  machines  that  include  an 
application  and  operating  system. 

The  idea  behind  virtual  appliances  is  to 
free  software  from  hardware  constraints. 
Because  virtual  appliances  contain  pre¬ 
built  and  pretested  software  stacks  that 
include  an  application  and  an  operating 
system  inside  a  virtual  machine,  organiza¬ 
tions  can  download  programs  to  the  appli¬ 
ance  and  have  an  application  up  and  run¬ 
ning  in  minutes. 

“People  talk  about  how  frustrated  they 
are  by  the  amount  of  time  it  takes  to  provi¬ 
sion  their  physical  infrastructure,  including 
their  applications,”  says  Mike  Grandinetti, 
chief  marketing  officer  at  Virtual  Iron. “The 
analogy  I  draw  is  that  [a  virtual  appliance] 
is  like  downloading  a  song  from  iTunes 
and  running  it  on  your  iPod. That  captures 
the  simplicity’ 

Because  virtual  appliances  are  preconfig¬ 
ured,  prebuilt,  certified,  optimized,  ready-to- 
run  software  stacks,  “you  can  point  and 


sions,  or  from  external  parties.  This 
method  also  lets  employees  use  their 
office  telephone  numbers  and  extensions 
while  keeping  their  home  phone  num¬ 
bers  private.  ■ 


click  and  provision  [applications]  in  a  mat¬ 
ter  of  seconds  vs.  what  often  takes  days  and 
in  some  case  weeks,”  Grandinetti  says. 

VMware  has  hundreds  of  virtual  appli¬ 
ances  freely  available,  ranging  from  secu¬ 
rity  to  network  management  to  load  bal¬ 
ancing.  Only  about  14,  however,  are  certi¬ 
fied  virtual  appliances,  that  is,  they  are 
ready  to  deploy  in  enterprise  environ¬ 
ments.  Virtual  Iron,  meanwhile,  has  eight 
appliances  available  through  its  partner¬ 
ship  with  rPath  and  expects  to  be  adding 
more  quickly 

VMware  and  Virtual  Iron  use  different  for¬ 
mats  to  create  the  virtual  servers:  VMware 
uses  its  own  virtual-machine  disk  format, 
which  it  made  open  and  freely  available  in 
April  last  year;  Virtual  Iron  uses  the 
Microsoft  Virtual  Hard  Disk  format. 

“We’re  using  a  free  online  converter  to 
move  from  the  VMware  disk  format  to  the 
Microsoft  Virtual  Hard  Disk  format,” 
Grandinetti  says. 

Also  last  week,  Virtual  Iron  announced 
the  launch  of  its  own  Virtual  Appliance 
Exchange,  where  users  can  download 
certified  Windows-  and  Linux-based  vir¬ 
tual  appliances.  ■ 


Virtual  appliances  on  tap 
from  Virtual  Iron/rPath 
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Preparing  for  a  change 

Industry  experts  say  IT  executives  should  make  sure  they’re 

prepared  for  the  March  11  daylight-saving  changes.  Some 

things  to  consider: 

•  Get  started:  While  the  daylight-saving  change  is  still  more  than  a  month  away,  it’s  time 
to  look  at  systems  now,  because  it  may  not  be  clear  what  will  need  fixes. 

•  Take  stock:  Inventory  IT  systems  to  determine  exactly  what's  linked  to  the  network 
and  what  is  time  and  date  dependent.  Some  systems,  for  example,  are  linked  to 
external  network  time  servers,  which  should  update  automatically. 

•  Consider  the  operating  system:  While  the  latest  releases,  such  as  Windows  Vista, 
are  compliant  with  the  new  schedule,  older  versions  will  need  patches,  and  some,  such 
as  Windows  XP  Service  Pack  1  and  Windows  NT  4,  won't  have  fixes  available.  In  that 
case,  an  upgrade  may  be  necessary,  which  also  could  Impact  applications. 

•  Investigate  individual  applications:  Review  applications  to  determine  whether  they 
rely  on  the  operating  system,  network  time  servers  or  internal  code  for  time  functions. 
Java  applications,  for  example,  will  need  application-specific  patches. 

•  Check  in  with  vendors:  It  may  not  be  clear  exactly  what  time  functions  are  in  which 
applications  devices.  Most  major  vendors  have  Web  sites  set  up  to  help  guide  customers 
in  dealing  with  the  time  shift. 

•  Keep  communications  open:  Let  management  know  how  the  time  shift  could  impact 
operations  and  how  things  could  be  handled  in  case  of  glitches. 


Daylight  saving 

continued  from  page  1 

management  firm  TrueCredit  in 
San  Luis  Obispo,  Calif. 

Mike  Sly  a  senior  IT  consultant  at 
IT  integrator  Evolving  Solutions, 
agrees.  Like  a  lot  of  vendors  and 
service  providers,  Evolving  Solu¬ 
tions  has  sent  alerts  to  customers, 
many  of  whom  haven’t  been 
aware  of  the  change. 

“It’s  really  more  pervasive  than 
[Y2K]  ever  was,”  Sly  says.  “It  will 
impact  anything  that  has  to  do 
with  dates  and  times  and  sched¬ 
uling  —  transportation,  hotels, 
airlines, sales.  It’s  just  everywhere. 
.  .  .  It  blows  me  away  that  not 
many  people  seem  to  be  all  that 
aware  of  it.” 

Vendors  have  been  focused  on 
the  issue  and  want  to  help  cus¬ 
tomers  make  the  transition.  Most 
major  IT  vendors,  including  Cisco, 
IBM,  Microsoft,  Novell,  Red  Hat 
and  Sun,  have  Web  pages  dedi¬ 
cated  to  the  daylight-saving 
change  that  outline  what  fixes  are 
necessary  for  their  products. 
Smaller  vendors,  too,  are  making 
sure  their  products  are  updated. 

PeopleCube,  for  example,  late 
last  year  began  shipping  updated 
releases  of  its  resource  scheduling 
and  calendaring  software  that 
comply  with  the  new  daylight-sav¬ 
ing  dates.  On  a  larger  scale,  Micro¬ 
soft  addressed  the  issue  by  em¬ 
bedding  the  updated  daylight-sav¬ 
ing  rules  into  Vista,  and  it  has 
patches  available  for  Windows  XP 
Service  Pack  2  and  Windows 
2000.  Organizations  running  Win¬ 
dows  XP  Service  Pack  1  or  Win¬ 
dows  NT,  however,  will  have  to  use 
a  workaround  that  can  be  found 
on  the  Microsoft  Web  site. 

In  its  daylight-saving  directives, 
Cisco  notes  that  the  repercussions 
of  the  change  extend  beyond 
scheduling  and  into  areas  such  as 
security  and  monitoring. 

“This  change  can  have  a  major 
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impact  on  event-correlation  activi¬ 
ties  that  are  performed  as  part  of 
normal  operations  troubleshoot¬ 
ing  and  monitoring,”  the  Web  site 
says.  “For  security-related  devices, 
where  logs  are  captured,  corre¬ 
lated  and  stored  for  future  refer¬ 
ence,  this  time  change  could  ren¬ 
der  them  incorrect  for  situations 
where  they  need  to  be  recalled  to 
rebuild  a  sequence  of  events. The 
incorrect  timestamps  might  not  be 
an  issue  for  events  that  get  imme¬ 
diate  action.  However,  in  the  fu¬ 


ture,  these  events  would  reference 
incorrect  times.” 

TrueCredit’s  Metzger  says  he 
and  his  team  have  been  working 
since  October  to  make  sure  their 
systems  move  smoothly  into  the 
new  time.  Metzger  says  the  “lion’s 
share”  of  work  they  need  to  do 
centers  around  updating  Java  vir¬ 
tual  machines,  a  task  that  can  be 
tricky  and  time  consuming  be¬ 
cause  of  the  variety  of  Java  Run¬ 
time  Environments. 

The  good  news  for  Metzger  is 


that  TrueCredit  has  consolidated 
its  physical  environment  by  run¬ 
ning  Azul’s  multicore  Compute 
Appliances,  which  offload  Java 
workloads  to  reduce  the  strain  on 
traditional  application  servers. 

“We  just  have  to  do  a  patch 
update  to  four  physical  machines, 
which  are  centrally  managed 
through  one  console,”  Metzger 
says.Trior  [to  Azul]  we  had  multi¬ 
ple  disparate  systems,  but  consoli¬ 
dating  everything  onto  a  fewer 
number  of  physical  units  and  hav¬ 
ing  those  machines  centrally 
managed  has  made  this  particu¬ 
lar  issue  easier  to  handle.” 

Rich  Debrino,  CIO  for  Everett, 
Wash.,  Advances  in  Technology 
which  handles  IT  for  a  variety  of 
healthcare  organizations,  includ¬ 
ing  parent  company  Compass 
Health,  notes  that  systems  tied  to 
external  network  time  servers 
should  have  few  problems. 

“Most  proactive  IT  execs  who 
run  a  big  shop  are  going  to  use 
some  kind  of  network  time  proto¬ 
col  tied  either  internally  or  exter¬ 
nally  he  says.  “If  you’re  using 
something  that’s  tied  externally  to 
a  network  time  server  then  who 
cares  about  daylight-saving  time 
changes  because  the  network 
time  servers  are  going  to  be  up¬ 
dated  anywayf’ 

Internal  time  servers  should  also 
help  keep  things  in  line.  “Make 
sure  you’ve  got  your  [time] 
servers  updated,  then  everybody 


else,  when  they  log  on  to  the  net¬ 
work,  should  automatically  up¬ 
date,”  he  says. 

John  Halamka,  CIO  at  Care- 
Group  Health  System  in  Boston, 
says  his  staff  is  patching  Windows 
XR  Outlook  and  Exchange  in 
accordance  with  Microsoft’s  di¬ 
rectives  and  also  is  reviewing 
what  other  fixes  need  to  be  made. 

“For  applications  that  have  time- 
sensitive  stamps  [hospital  orders, 
electronic  medical  record  notes] 
we  surely  need  to  fully  under¬ 
stand  what  layer  of  the  system  is 
playing  a  role  in  the  timestamp 
and  assure  it  is  fixed,”  he  says. 

From  initial  review  it  seems 
that  most  applications  derive 
times  from  the  server  operating 
system,  “which  use  time  servers 
and  thus  require  no  patch,” 
Halamka  says,  adding  that  the 
daylight-saving  change  pales  in 
comparison  withY2K. 

“We  spent  two  years  and  $20 
million  on  Y2K.This  issue  has  no 
budget  and  will  take  two  months,” 
he  says. 

Nevertheless,  industry  experts 
agree  that  IT  managers  need  to 
address  the  issue  to  avoid  glitches. 

“The  problem  is  very  wide  and 
not  very  deep,”  says  Steven  Os- 
trowski,  a  spokesman  for  Com¬ 
puter  Technology  Industry  Asso- 
ciation.“It’s  going  to  cause  a  lot  of 
little  headaches  instead  of  big 
Y2K-type  issues.  But  people  need 
to  be  prepared.”  ■ 


The  cost  of  ineffective  search 


BY  JON  BRODKIN 

A  company  that  employs 
1,000  information  workers 
can  expect  more  than 
$5  million  in  annual  salary 
costs  to  go  down  the  drain 
because  of  the  time  wasted 
looking  for  information  and 
not  finding  it,  research  firm 
1DC  found  last  year. 

Think  that’s  bad?  A  survey 
this  month  of  1,000  middle  managers  found 
that  more  than  half  of  the  information  they 
find  during  searches  is  useless. 

There  seems  to  be  no  shortage  of  enterprise 
search  applications  to  help  companies  find 
information  hidden  within  their  networks.  So 
why  are  searches  so  ineffective? 

Most  enterprises  are  not  using  the  most  up- 
to-date  search  applications,  analysts  say  They 
also  aren’t  using  the  applications  they  have  as 
effectively  as  they  should. 

“They’ve  never  invested  a  whole  lot  in  it,” says 
Matthew  Brown,  a  senior  analyst  at  Forrester 


Research.  “Companies  will 
spend  lots  and  lots  of 
money  on  architecting  por¬ 
tal  systems,  intranets,  dash¬ 
boards  and  databases,  and 
everything  else. Search,  typi¬ 
cally,  for  internal  applica¬ 
tions  —  companies  don’t 
spend  a  lot  of  time  on  it.” 

As  much  as  10%  of  a  com¬ 
pany’s  salary  costs  are 
wasted  on  ineffective  searches,  said  the 
Butler  Group  in  a  report  last  October.  Richard 
Edwards,  the  senior  research  analyst  who  co¬ 
authored  the  240-page  report,  says  a  lack  of 
metadata  is  one  of  the  key  problems. 

Suppose  you  create  a  Microsoft  Word  docu¬ 
ment.  If  the  program  is  set  up  to  index  meta¬ 
data,  you  will  be  prompted  to  fill  in  fields 
recording  such  information  as  author,  title, sub¬ 
ject  matter  or  the  expiration  date  of  the  infor¬ 
mation  contained  within  the  document,  Ed¬ 
wards  says.  These  metadata  fields  are  like 
“outer  markings”  that  make  it  easier  for  search 


engines  to  determine  whether  a  document 
should  be  returned  on  a  hit  list,  and  reduce 
their  dependency  on  full  text  searches. 

A  decade  ago,  when  enterprise  search  pro¬ 
grams  were  less  widely  used,  it  was  “horren¬ 
dously  difficult”  to  get  employees  to  enter 
this  kind  of  information,  according  to 
Edwards.  And  it  remains  hard  today  he  says, 
even  though  the  widespread  use  of  enter¬ 
prise  search  provides  a  clear  incentive. 

“Ninety  percent  of  the  documents  that  are 
created  have  no  useful  metadata,”  he  says. 
“Until  we  get  more  of  that  metadata  it  is  going 
to  be  an  uphill  struggle  to  get  better  results  out 
of  these  very  capable  search  technologies.” 

Some  high-end  enterprise  search  applica¬ 
tions,  such  as  Autonomy  do  a  “modest  job"  of 
determining  what  a  document  is  about  on  its 
own,  he  says. 

“They  do  more  than  just  pick  out  the  main 
words  and  index  them. They  can  look  at  parts 
of  the  document,  the  document  title  and  head¬ 
ings  and  work  out  what  the  document  is 

See  Search,  page  33 


Time  wasted 

As  much  as 

10% 

of  a  company’s  salary  costs 
are  wasted  on  ineffective 
searches,  according  to  the 
Butler  Group. 
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Nortel  on  the  comeback  trail 

Company  honing  enterprise  focus,  with  help  from  Microsoft 


BY  JIM  DUFFY 

Nortel  has  restated  its  financials  and  put  a 
new  management  team  in  place,  but  still 
faces  plenty  of  hurdles  in  completing  a 
turnaround  initiated  after  an  accounting 
scandal  three  years  ago. 

Industry  watchers  agree  Nortel  needs  to 
improve  customer  relations  and  sort  out 
product  lines  that  are  still  redundant  after 
acquisitions  that  took  place  almost  10 
years  ago. 

Nortel  also  must  focus  its  lines  of  business 
to  become  a  truly  formidable  No.  2  supplier 
to  Cisco  in  the  enterprise.  In  addition,  the 
company  must  partner,  purchase  or  develop 
its  way  back  into  the  IP  core  and  edge 
router  market,  watchers  say  and  figure  out  a 
way  to  scale  to  compete  with  Alcatel- 
Lucent,  Nokia-Siemens  and  other  competi¬ 
tors  formed  from  mergers  and  acquisitions. 

“They’re  a  relatively  small  company  in  an 
industry  of  giants  now;” says  Zeus  Kerravala, 
an  analyst  at  The  Yankee  Group. “You  really 
wonder  how  they  can  compete  long  term 
with  some  of  these  larger  companies.” 

Nortel  says  it  continues  to  build  momen¬ 
tum  after  installing  a  new  management 
team  over  the  past  year  and  clarifying  the 
markets  it  intends  to  pursue  with  vigor  — 
enterprise,  IPTYWiMAX,  IP  Multimedia  Sub¬ 
system,  Metro  Ethernet  and  professional 
services. 

“But  we’re  not  confused  about  this  being 
still  early  in  the  journey  says  Chief  Strategy 
Officer  George  Riedel. 

“Where  we  do  get  a  shot  we  do  quite  well, 
but  the  phrase  around  here  is  the  ‘at-bats,’” 
Riedel  says.  “Are  we  missing  opportunities 
because  we  just  don’t  get  a  shot?  Either  cus¬ 
tomers  aren’t  aware  that  we  have  an  offer¬ 
ing,  or  we  don’t  have  distribution  reach  or, 
whatever  the  combination  of  things.” 

Customers  agree. 

“I  don’t  think  that  the  value  of  their  solu¬ 
tions  is  in  question.The  question  is:  Are  they 
using  the  right  marketing  and  sales  strate¬ 
gies  to  get  their  products  to  market?”  says 
Victor  Bohnert,  executive  director  of  the  In¬ 
ternational  Nortel  Networks  Users  Associ¬ 
ation  (1NNUA).  “Cisco  has  two  very  good 
things  going  for  them:  market  visibility  and  a 
very  aggressive  sales  strategy  Nortel  is  going 
to  have  to  develop  those  two  key  pieces.” 

That  will  include  clarifying  its  enterprise 
product  road  map.  Customers  say  they  are 
getting  mixed  messages  on  which  product 
lines  Nortel  plans  to  retain. 

“Stay  focused  and  deliver  it,”  says  Sheng 
Guo,  CTO  of  the  New  York  State  Unified 
Court  System.“If  you’re  changing  things  too 
often,  you  lose  credibility 

Riedel  says  Nortel  has  made  recent 
strides  to  keep  customers  abreast  of  prod¬ 
uct  directions,  and  INNUA  officials  agree. 


Nortel’s  priorities 

The  company’s  self-described  keys 
to  completing  its  comeback. 

•  Reducing  costs  or  expanding  margin  by  S1.5 
billion  over  the  next  several  years. 

•  Transforming  the  enterprise  business. 

•  Driving  next-generation  mobility  around  4G  wireless 
technologies. 

•  Building  a  professional  services  business. 

•  Retooling  brand  awareness  and  go-to-market  strategy. 


“We’re  working  on  a  process  now  called 
the  product  enhancement  pipeline  where 
our  members  can  provide  enhancement 
suggestions  to  Nortel  year-round,” says  Steve 
Ford,  INNUA  president.  “It  is  necessary  for 
Nortel  to  keep  the  customers  up  to  date  on 
their  product  road  map  ...  so  they  can  plan 
their  migration,  their  corporate  road  map.” 

Customers  also  are  anxious  to  see  the  re¬ 
sults  of  Nortel’s  alliance  with  Microsoft 
around  unified  communications. Last  week, 
the  companies  unveiled  the  first  fruits  of 
their  effort,  which  include  branch-office 
gear  and  offerings  that  address  security  and 
multimedia  needs. 

“How  much  of  that  technology  that  you 
guys  have  in  your  Communication  Server 
1000  and  telephony  [systems]  are  you 
going  to  be  willing  to  work  with  on  Micro¬ 
soft  and  see  port  back  and  forth?”  asks 
Bruce  Meyer,  director  of  network  services  at 
ProMedica  Healthcare  in  Toledo,  Ohio,  a  16- 
year  customer  of  Nortel.  “Are  you  going  to 
see  more  Nortel  technology  in  a  more  soft¬ 
ware-based  kind  of  solution?  We  don’t 
know.  Nobody  knows.” 

“Everyone  believes,  in  the  deal  with 
Microsoft,  they’ve  basically  gotten  out  of  the 
voice  business,”  says  Frank  Dzubeck,  presi¬ 
dent  of  consultancy  Communications  Net¬ 
work  Architects. 

Riedel  scoffs  at  that.  “It  couldn’t  be  further 
from  the  truth,”  he  says. “We  think  we’re  re¬ 
defining  the  voice  business,  certainly  not 
exiting  it.” 

Product  line  clarity  should  enable  Nortel 
to  better  compete  with  Cisco  in  the  enter¬ 
prise,  observers  say 

“In  the  enterprise  business,  1  still  have  not 
seen  a  No.  2  emerge,”  Dzubeck  says.“If  Nortel 
assumes  that  it’s  No.  2  because  it  has  a  large 
portfolio,  it  isn’t  showing  it  in  the  market¬ 
place.  So  they  have  to  [become]  a  No.  2  or 
they  should  get  out  of  the  enterprise  space.” 

Riedel  offers  that  Nortel  is  a  strong  No.  2 
with  plans  to  become  stronger. 

“We’ve  got  a  breadth  of  portfolio  — 


data,  voice  and  applications,”  he  says.“And 
relative  to  other  players  in  the  industry  — 
[not  including]  Cisco  —  one  of  the  larger 
sales  forces  in  the  world.  We  invested  a  lot 
more  in  terms  of  R&D  in  the  portfolio  in 
the  enterprise  last  year  to  bring  a  new  set 
of  products  out.  ...  But  part  of  what  we 
have  to  demonstrate  is,  we’re  back  in  the 
enterprise,  we’re  back  engaged,  we’ve  got 
a  competitive  portfolio,  we’ve  got  a  set  of 
sales  and  marketing  resources  ...we  need 
to  execute  that.” 

Much  of  that  execution  will  depend  on 
resellers.  CXtec  is  a  long-time  Nortel 
reseller  —  going  back  to  the  days  of  LAN 
hub  and  switch  maker  SynOptics,  which 
merged  with  router  vendor  Wellfleet  to 
form  Bay  Networks,  acquired  by  Nortel 
eight  years  ago. 

Through  it  all,  CXtec  has  dealt  with  some 
interesting  back-and-forth  with  its  manufac¬ 
turer  —  most  of  it  negative. 

“The  partner  program  has  been  in  disarray 
through  the  years,  especially  looking  at  it 
from  the  data  side,”  says  Frank  Kobuszewski, 
vice  president  of  CXtec’s  Technology  Solu¬ 
tions  Group.  “There’s  absolutely  room  for 
improvement.” 

CXtec  is  seeing  some  improvement  under 
the  current  Nortel  regime  of  CEO  Mike 
Zafirovski.  He  has  laid  out  a  clearer  vision 
on  channel  and  strategy,  freed  up  some 
marketing  funds,  and  made  its  executives 
and  information  more  accessible  to  chan¬ 
nel  partners,  CXtec  says. 

But  Kobuszewski  echoes  concerns  about 
lack  of  product  clarity  and  focus,  and 
Nortel  has  just  instituted  an  unpopular  ser¬ 
vice  and  support  fee  structure  that  charges 


BY  JON  BRODKIN 

User  satisfaction  with  software-as-a-service 
is  starting  to  slip, but  customer  interest  in  this 
method  of  outsourcing  IT  functions  is  con¬ 
tinuing  to  grow,  according  to  survey  results 
released  this  month  by  the  Cutter  Con¬ 
sortium,  an  IT  research  and  analysis  firm. 

“Our  latest  survey  shows  that  [software-as-a- 
service]  will  become  a  dominant  force  in 
2007,”  writes  report  author  Jeffrey  Kaplan, 
who  runs  consulting  firm  ThinkStrategies 
and  is  a  Cutter  Consortium  senior  consultant. 

Kaplan  performed  a  survey  of  88  IT  pro¬ 
fessionals,  with  31%  already  using  software 
as-a-service,  the  same  as  in  the  previous 
year’s  survey,  but  43%  are  now  considering 
it  —  an  increase  from  34%  the  prior  year. 

He  found  satisfaction  rates  of  90%  among 


partners  technical  support  fees  of  tens  of 
thousands  of  dollars,  in  addition  to  hun¬ 
dreds  of  dollars  per  incident,  with  a  mini¬ 
mum  prepurchase  of  scores  of  incidents. 

“It  does  send  the  wrong  message  to  the 
channel  of,  As  we’ve  also  decreased  other 
levels  of  support,  you’re  also  going  to  have 
to  pay  to  access  technical’”  assistance,  says 
Lisa  Belodoff,  director  of  strategic  market¬ 
ing  for  CXtec. 

Riedel  says  Nortel’s  been  offering  freebies 
for  too  long  and  has  to  make  up  some 
ground.  Nortel  says  it  offered  technical  ser¬ 
vice  for  voice  for  free,  and  that  the  fee  struc¬ 
ture  aligns  voice  technical  services  with 
Nortel  data  and  with  the  rest  of  the  industry 
Nortel  says  the  fee  structure  is  part  of  a  big¬ 
ger  program  that  will  net  the  reseller  more 
money  overall. 

As  Nortel’s  comeback  evolves,  Riedel 
doesn’t  find  it  incumbent  upon  the  ven¬ 
dor  to  reengage  in  the  carrier  core  router 
market  as  the  barriers  to  entry  are  too 
high  given  the  dominant  positions  of 
Cisco  and  Juniper.  He  is  also  comfortable 
with  Nortel’s  current  Metro  Ethernet  offer¬ 
ings  at  the  edge. 

Nor  does  Riedel  see  that  the  vendor  has 
to  merge  with  another  large  player  to 
match  the  scale  of  its  combined  rivals. 

“There’s  a  big  scale  challenge, particularly 
on  the  carrier  side  of  the  business,”  he  says. 
“The  question  is,  though,  do  you  believe 
you  can  drive  an  agenda  with  some  disrup¬ 
tive  technologies  —  very  targeted,  very  fo¬ 
cused  —  can  we  build  successful  positions 
there?  We  think  we  can.” 

“You  have  to  pick  your  battles,”  he  con¬ 
cludes.  ■ 


users  last  year,  and  80%  this  year.“I  was  a  lit¬ 
tle  surprised  we  saw  the  level  of  slippage 
we’ve  seen,”  Kaplan  says. 

The  diminished  satisfaction  represents  a 
“warning  sign  for  both  users  and  vendors,” 
he  says.  Users  need  to  make  sure  they  don’t 
have  unrealistic  expectations,  and  must 
evaluate  the  capability  of  vendors  before 
selecting  a  service,  he  says. 

But  it  is  natural  to  have  some  drop  in  sat¬ 
isfaction,  Kaplan  adds. 

“Whenever  a  market  grows,  customers 
arrive  with  different  sets  of  expectations. 
Sometimes,  those  expectations  may  not  be 
realistic,”  he  says.  “The  other  part  is  a  larger 
number  of  providers  emerge  and  their  abil¬ 
ity  to  deliver  a  consistent  quality  solution 
will  also  vary’  ■ 


Software-as-a-service  satisfaction 
drops,  but  interest  expands 
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ntroducing  the  industry’s  highest  performance  Ethernet 
switch  family  ready  to  deliver  wire-speed  non-blocking 
performance  to  1.14  billion  packets  per  second  (or  up  to 
3.42  bpps  per  7-foot  telco  rack).  Foundry’s  Biglron  RX  Series 
offers  the  highest  density  Gigabit  and  10  Gigabit  Ethernet 
switching  and  routing  solution  in  the  industry  and  is  built  on  a 
distributed  and  redundant  switch  architecture  that  ships  ready  to 
support  100  Gigabit  Ethernet.  Featuring  support  for  scalable 
Ethernet  switching,  IPv4/IPv6  routing,  consistent  low  latency 
for  all  packet  sizes  and  advanced  quality  of  service  design,  the 
Biglron  IkX  Series  meets  and  exceeds  the  needs  of  a  wide  range 
of  environments  including  Enterprise  LAN,  HPC,  MANS,  and 
next  generation  data  centers. 

Find  out  more  about  the  BigIron  RX  Series  and  how 
YOU  CAN  REDEFINE  PERFORMANCE  AND  RELIABILITY  IN  YOUR 
NETWORK.  LOG  ON  TO  WWW.FOUNDRYNET.COM/BlGlRONRX. 
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TECHNOLOGY  UPDATE 


m  AN  INSIDE  LOOK  AT  TECHNOLOGIES  AND  STANDARDS 


Bringing  cell  coverage  inside 


Marrying  pico  cells  with  DAS 

Using  multiple  pico  cells  to  extend  cellular  coverage  within  a  building  can  lead 
to  cell  overlap  that  limits  data  rates  and  lead  to  multiple  radio  hand  offs  that 
strain  resources.  Alternatively,  users  can  deploy  one  pico  cell  and  extend  its 
signal  with  a  distributed  antenna  system,  covering  an  entire  floor  with  one 
dominant  radio  source  so  there  will  be  no  hand  offs  and  high-speed  data 
service  will  be  available  throughout. 


T, 


Pico  cell 


RF  signal 


T-1  backhaul 
to  carrier 


Distributed  Antenna  System 


BY  STEFAN  SCHEINERT 

As  enterprise  users  rely  increasingly  on 
cell  phones  for  voice  and  e-mail  connec¬ 
tions,  ensuring  in-building  cellular  cover¬ 
age  has  become  more  critical. 

Large  office  buildings  and  corporate  cam¬ 
puses  can  use  distributed  antenna  systems 
to  propagate  cellular  signals  from  an  on-site 
cellular  base  station  or  repeater,  but  the  cost 
is  prohibitive  for  small  to  midsize  proper¬ 
ties.  Pico  and  femto  cell  products  are  now 
enabling  in-building  cellular  deployment  in 
smaller  sites, and  an  integrated  pico  cell/dis¬ 
tributed  antenna  system  deployment  is  opti¬ 
mum  in  midsize  facilities. 

Pico  and  femto  cells  are  small  versions  of 
the  cellular  base  stations  that  provide  out¬ 
door  coverage  for  cellular  subscribers. The 
cell  devices  look  like  Wi-Fi  access  points 
and  connect  to  an  IP-based  service  such  as 
DSL  for  backhaul  to  the  cellular  network. 

Because  pico/femto  cell  devices  can  be 
portable  they  may  interfere  with  the  regular 
cell  network.To  compensate,  vendors  often 
recommend  operating  pico  or  femto  cells 
with  very  low  output  power,  usually  in  the 
lmW-to-lOmW  range. 

Femto  cells  have  very  low  output  power 
and  limited  capacity  and  are  designed  for 
very  small  office  spaces  or  residential  units. 
Pico  cells  are  higher  capacity, higher  power, 
and  can  typically  cover  buildings  of  up  to 
30,000  square  feet. 

To  deliver  adequate  coverage  and  signal 
strength  in  larger  buildings.it  may  be  neces¬ 
sary  to  deploy  multiple  pico/femto  cells. 
However,  this  must  be  planned  carefully 
because  each  cell  may  use  the  same  fre¬ 
quency  and  the  deployment  may  not  meet 
Carrier  to  Interference-plus-Noise  Ratio 


(C1NR)  requirements  for  high-speed  data. 
With  multiple  pico/femto  cells  installed, 
parts  of  the  building  may  receive  multiple 
signals  with  similar  field  strengths,  so  there 
will  be  interference  and  the  CINR  value  will 
be  too  low  to  allow  high  data  rates. 

Another  approach  is  to  use  a  central  radio 
and  a  distributed  antenna  system  to  extend 
the  signal.  The  traffic  is  backhauled  to  the 
carrier’s  network  via  a  T-1  line.  Distributed 
antenna  systems  can  cover  facilities  ranging 
from  10,000-square  feet  up  to  millions  of 
square  feet. 

Determining  how  and  where  to  place 
pico  cells  or  use  distributed  antennas  is  a 
matter  of  compensating  for  the  three  factors 
that  impact  the  reach,  quality  and  capacity 
of  cellular  coverage:  signal  strength  (which 


impacts  cell  radius  and  caller  capacity); 
link  budget  (equal  to  transmit  power  minus 
minimum  field  strength);  and  CINR. 

To  deliver  consistent  voice  coverage 
inside  a  building  and  prevent  devices  hunt¬ 
ing  from  one  radio  source  to  another,  any 
indoor  coverage  must  deliver  a  signal  that  is 
8  to  10  decibels  stronger  than  signals  com¬ 
ing  into  the  building.  In  addition,  the  signal 
must  be  pervasive  to  eliminate  dead  spots. 

Signal  strength  affects  the  coverage  area 
as  well  as  its  caller  capacity  When  multiple 
pico  cells  are  used  to  cover  a  space,  user 
devices  see  multiple  radio  sources. The  de¬ 
vices  will  hunt  between  radio  sources  and, 
because  each  pico  cell  uses  a  different 
radio, CINR  is  very  poor,  less  than  5  decibels. 

In  areas  with  low  CINR  —  typically  where 


pico  cell  coverage  areas  overlap  —  high¬ 
speed  data  services  (greater  than  3.6Mbps) 
are  not  possible.  Also,  handoffs  between 
radio  sources  will  reduce  available  network 
resources  and  device  battery-life. 

To  compensate,  users  can  deploy  one 
pico  cell  and  then  extend  its  signal  with  dis¬ 
tributed  antennas.  In  this  scenario,  the  en¬ 
tire  floor  would  be  covered  with  one  radio, 
meaning  one  dominant  radio  source  so 
there  would  be  no  handoffs  and  CINR  will 
be  very  high. High-speed  data  service 
would  be  available  throughout  the  floor. 

If  the  building  is  small  enough  and  regu¬ 
lar  cell  signals  are  not  too  strong,  a  single 
pico  cell  base  station  may  be  sufficient.  In 
larger  facilities,  it  makes  more  sense  to  de¬ 
ploy  one  pico  cell  and  integrate  it  with  dis¬ 
tributed  antennas  than  it  does  to  deploy 
multiple  pico  cells. 

Because  3G  technologies  such  as  EV-DO 
and  High-Speed  Downlink  Packet  Access 
can  carry  a  lot  of  traffic,  integration  of  a 
pico  cell  and  distributed  antenna  system 
enables  the  pico  cell  to  carry  a  higher  load 
by  expanding  coverage. 

The  distributed  antenna  system  also  sepa¬ 
rates  the  location  of  the  pico  base  station 
and  the  antennas  distributed  throughout 
the  building.  When  existing  cable  can  be 
used,  the  installation  of  a  distributed  anten¬ 
na  system  can  be  easy,  straightforward  and 
economical. 

Finally,  the  lower-cost,  DSL-based  back¬ 
haul  for  a  pico/femto  cell  base  station 
makes  the  deployment  faster  and  less 
costly  from  that  perspective. 

Scheinert  is  CTO  at  LGC  Wireless..  He  can 
be  reached  at  sscheinert@LGCWireless.  com. 


Ask  Dr.  Internet  By  Steve  Blass 


We  have  an  XML  schema  defining  documents 
that  contain  paragraphs  of  text  collected  from 
Web-based  survey  response  forms,  and  we 
want  to  store  them  in  a  MySQL  database.  MySQL 
provides  three  data  types  for  text  storage  ele¬ 
ments:  CHAR,  VARCHAR  and  TEXT.  Which  is  easi¬ 
est  and  fastest  to  work  with? 

The  differences  in  processing  efficiency  between 
MySQL’s  three  character  storage  types  should  not  have 


a  big  impact  on  processing  times  unless  your  data  sets 
are  extremely  large.  CHAR  items,  which  are  fixed  length, 
are  the  fastest  to  store  and  retrieve  but  can  waste  stor¬ 
age  space,  VARCHAR,  a  variable-length  string,  can  be 
slower  to  store  and  retrieve  but  does  not  waste  storage 
space.  TEXT  is  a  character  BLOB  that  requires  more 
storage  space  and  I/O  than  the  other  two.  Using  all 
CHAR  fields  for  text  data  technically  is  the  fastest 
choice,  but  CHAR  data  items  have  a  maximum  length  of 
255  characters.  The  latest  versions  of  MySQL  allow  VAR¬ 


CHAR  items  to  be  up  to  65,535  characters  long,  which  is 
the  maximum  length  of  a  row.  TEXT  is  appealing  be¬ 
cause,  unlike  with  VARCHAR,  you  can  put  multiple  full- 
size  TEXT  items  in  one  row.  To  enable  full-text  indexing 
for  the  data,  you  will  need  to  use  the  MylSAM  table  type 
for  your  database  regardless  of  which  variable  types  you 
choose  for  your  data  fields. 

Blass  is  an  IT  manager  in  Phoenix  and  can  be  reached 
at  dr.internet@jschnee.com. 
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What’s  running?  Use  What’s  Running 


GEARHEAD 

INSIDE  THE 
NETWORK 
MACHINE 

Mark  Gibbs 


Doesn’t  time  fly  when  you’re  hav¬ 
ing  fun?  We  were  about  to  reference 
a  column  we  wrote  “a  few  weeks 
ago”  but  it  turns  out  we  actually 
wrote  it  at  the  end  of  2004!  That  must 
mean  we’re  having  lots  of  fun. 

In  that  column  (www.nwdocfind- 
er.com/7126)  we  discussed  the  won¬ 
ders  of  a  free  utility  called  Process 
Explorer,  which  is  not  only  a  replace¬ 
ment  for  the  very  limited  and  rather 
sad  Windows  Task  Manager,  but  also 
provides  a  lot  of  useful  information 
about  what  is  going  on  under  the  hood. 

The  company  that  published  that  tool,Sysinternals,is  now 
owned  by  Microsoft  and  a  much  improved  version  of 
Process  Explorer  can  be  found  on  the  Microsoft 
Sysinternals  Web  site  (www.nwdocfinder.com/7127). 

We  just  discovered  a  similar  tool  for  people  struggling 
with  Windows  systems:  What’s  Running  (www.whatsrun 
ning.net),  published  by  Christer  Fahlgren. 

What’s  Running  works  with  Windows  2000,  XP  and  2003, 
and  is  very  ambitious  in  its  efforts  to  extract  as  much  infor¬ 
mation  as  possible  from  a  Windows  system. 

For  the  most  part,  What’s  Running  uses  a  two-column  lay¬ 
out.  The  left  column  lists  six  views  —  Processes,  Services, 
Modules,  IP  Connections,  Drivers  and  Startup  —  and  pro¬ 
vides  a  set  of  snapshot  functions  that  save  the  currently 
discovered  data  in  an  XML  format.You  also  can  reload  pre¬ 


vious  snapshots  and  compare  them  with  the  current  snap¬ 
shot  to  show  only  the  differences. 

The  right-hand  column  shows  the  data  for  the  selected 
view,  and  all  views  can  be  configured  to  show  as  much  or 
as  little  detail  as  needed.  All  views  but  Startup  have  an  addi¬ 
tional  subcolumn  to  the  right  that  shows  the  details  of  the 
currently  selected  item. There’s  also  a  set  of  tabs  at  the  top 
that  can  be  used  to  select  the  views  and  provide  an  addi- 

What’s  Running  . . .  extracts  as 
much  information  as  possible 
from  a  Windows  system. 

tional  view  not  listed  in  the  left-hand  column. 

The  Process  view  shows  all  processes.You  can  sort  this  or 
any  view  by  any  column. The  Process  view  includes  a  hier¬ 
archical  tree  of  the  processes  or  an  alphabetic  list  along 
with  items  such  as  Process  ID  and  CPU  utilization. 

Selecting  a  process  in  the  right  column  displays  its  details 
in  the  additional  subcolumn,  and  includes  the  process’ 
name,  Dynamic  Link  Libraries  (DLL),  used,  parent  process, 
processor  usage,  memory  usage,  handles  used, services  run¬ 
ning  within  the  process  and  IP  connections  in  use. 

The  IP  Connections  view  details  remote  connections  of 
each  running  process  as  well  as  the  process’  name,  ports 
used,  what  connections  they  are  listening  for  and  the  con¬ 
nection’s  status. 

The  Services  view  shows  what  services  are  loaded,  their 


status,  services,  type  and  so  on,  while  the  Modules  view 
shows  detailed  information  on  all  DLLs  and  EXEs  in  use  and 
can  directly  open  the  folder  where  the  module’s  file  is  locat¬ 
ed.  It  also  provides  the  reverse  of  the  process  view  finding 
all  of  the  processes  that  have  loaded  a  specific  module. 

The  Drivers  view  shows  information  on  all  drivers, 
whether  loaded  or  not  loaded  but  registered.  It  also  shows 
details  about  running  drivers,  such  as  file  version,  vendor 
name,  dependencies  and  load  order  group. 

As  we  noted,  the  Startup  view  doesn’t  have  an  extra  col¬ 
umn.  In  this  view  all  startup  items  are  listed  and  you  can 
enable  or  disable,  edit  delete,  and  create  new  startup  items 
that  are  controlled  by  the  registry  or  by  the  startup  folder. 

The  final  view,  System  Info,  is  selectable  from  the  tabs  but 
not  the  left-hand  views  column, and  it  doesn’t  have  an  extra 
column.  It  displays  basic  system  information  such  as  in¬ 
stalled  memory  processor  and  registered  user. 

What’s  Running  provides  a  wealth  of  useful  system  infor¬ 
mation  that,  combined  with  the  snapshot  feature,  makes  for 
an  incredibly  useful  system  analysis  and  documenting 
tool.  In  use,  What’s  Running  is  different  from  Process 
Explorer  in  that  it  imposes  fairly  significant  processor  over¬ 
head,  making  it  much  less  suitable  as  a  replacement  for  the 
Windows  Task  Manager. 

What’s  Running  is  free  for  personal  use  and  $25  for  a  sin¬ 
gle  copy  for  business  use. 

Well,  this  column  sure  went  by  quickly  so  we  must  be  hav¬ 
ing  fun.  Tell  gearhead@gibbs.com  if  you  are  having  fun  too. 


-  CoolTools 

Quick  takes  on  high-tech  toys.  Keith  Shaw 
OtterBox  makes  rugged  BlackBerry  cases 

It’s  probably  not  the  best  idea  to  give  BlackBerry  fanatics  addi¬ 
tional  places  where  they  can  feed  their  wireless  e-mail 
addiction,  but  there  may  be  times  when  using  a 
BlackBerry  in  a  rugged  condition  is  required  for  a  job. 
In  that  case,  OtterBox  recently  announced  its  1930 
and  1931  cases,  designed  to  protect  BlackBerry 
8700  and  7200  series  devices.  The  1930  case  is  $130 
through  the  OtterBox  Web  site.The  1931  case  is  com¬ 
ing  soon. 

The  cases  provide  water-resistant  access  to  the  key¬ 
pad,  scroll  wheel,  escape,  power,  mute  buttons  and  the 
programmable  side  button.  Made  of  a  polycarbonate 
shell,  the  cases  also  include  rubber  molding  for 
improved  grip  and  some  drop  protection.  The  case  cov¬ 
ers  the  LCD  screen,  protecting  it  from  scratches,  while  the 
Donaldson  acoustic  membrane  vents  allow  sound  to 
come  through  while  the  case  is  sealed.  OtterBox  says  the 
cases  have  an  81  OF  rating  from  the  military  for  drop  and 
shock, and  an  IP54  rating  for  heavy  rain  and  dust  intrusion. 


Keep  dust  and  water 
away  from  your 
BlackBerry. 


USB  adapter  connects  telephone  to  PC  for  Skype  calls 

The  latest  Trendnet  VoIP  adapter  is  the  ClearLink  VoIP  USB  Phone  Adapter 
(modelTVP-SP5G),a  handheld  adapter  that  connects  to  a  PC  via  USB.  Connecting 
a  telephone  to  the  adapter  lets  you  make  Skype  calls  from  the  telephone  through 
the  PCs  broadband  connection. 

The  device  is  powered  by  the  USB  connection,  and  a  button  lets  you  switch 


between  a  Skype  call  and  a  regu¬ 
lar  phone  call. The  adapter 
is  $47  at  online  retailers 
and  the  Trendnet  Web 
site.The  company  makes 
other  VoIP  adapters  and 
accessories,  including 
Bluetooth  speaker  phone 
systems. 

Toshiba  to  offer  Vista  notebooks 

This  week  sees  the  official  consumer 
launch  of  Windows  Vista  from  Microsoft, 
which  means  notebook  and  desktop  vendors  will 
be  coming  out  with  versions  with  the  operating  sys¬ 
tem  already  installed.  Toshiba  said  last  week  that  its 
Satellite  PI 05  and  U205  notebook  lines  will  be  avail¬ 
able  soon  with  Windows  Vista  Ultimate  or  Vista  Home 
Premium. 

Both  notebooks  will  include  a  DVD  SuperMulti  double  layer  drive  (reads  and 
writes  as  many  as  1 1  formats),  DDR2  memory, and  a  5-in-l  media  card  adapter  slot. 
The  PI 05  (starts  at  $1,600, available  this  week)  includes  a  17-inch  widescreen  dis¬ 
play,  full-size  keyboard  and  built-in  Harman/Kardon  stereo  speakers.  The  U205 
notebook  is  an  ultra-portable  model  with  a  12.1-inch  widescreen  display  shock¬ 
absorbing  hard  drive  protection,  a  spill-resistant  keyboard  and  biometric  finger¬ 
print  reader. The  U205  starts  at  $1,300  and  will  be  available  on  Feb.  6, Toshiba  says. 

Starting  Tuesday  the  Cool  Tools  crew  heads  to  Palm  Desert,  Calif.,  for  DEMO  2007. 
Check  out  NetworkWorld.com  for  preview  stories,  blog  entries  and  a  bunch  of 
demonstrator  videos,  showcasing  the  coolest  new  products.  Shaw  can  be  reached 
at  kshaw@nww.com. 


Trendnet  makes  Skype 
calling  easier  with  its 
USB  phone  adapter. 
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n  Technology 

John  Dix 

Breaches:  Boards 
need  to  wake  up 

The  first  reports  of  fraud  using  data  stolen  from  retail 
giant  TJX  in  December  started  to  trickle  in  last  week, 
and  many  observers  fear  a  torrent  will  develop. 
Although  the  $16  billion  company  —  which  operates 
2,300  stores,  including  the  T.J.  Maxx  and  Marshalls  chains  — 
won’t  say  how  many  customer  records  were  accessed,  it 
says  the  hacked  systems  handled  credit  card,  debit  card 
and  check  information  for  transactions  in  2003  and  from 
mid-May  2006  through  December  2006. 

Unfortunately,  these  types  of  targeted  attacks  are  becom¬ 
ing  the  norm.  Skilled  hackers  are  increasingly  in  it  for  finan¬ 
cial  gain,  no  longer  entertained  by  the  notoriety  associated 
with  the  release  of  a  virulent  new  virus  or  worm. 

But  you  have  to  wonder  why  in  this  day  and  age,  this  type 
of  breach  is  still  possible.  It  isn’t  like  companies  are 
unaware  of  the  risk. 

Data  loss  has  been  front  page  news  for  years.  According 
to  the  Privacy  Rights  Clearinghouse,  more  than  100  mil¬ 
lion  customer  records  have  been  lost  or  stolen  since 
February  2005.  And  the  business  risk  is  well  understood. 
Conventional  wisdom  says  it  costs  a  company  $150  for 
every  customer  record  lost,  and  in  some  industries  that  is 
probably  more  like  $1,000  per  record.  So  if  millions  of 
records  are  lost,  as  some  expect  is  the  case  with  TJX,  the 
math  is  pretty  simple. 

So  why  aren’t  all  customer  records  encrypted  everywhere? 
There  is,  apparently  a  gap  between  IT’s  understanding  of  the 
problem  and  the  boardroom’s  understanding  or  willingness 
to  address  the  problem.  Either  we  aren’t  yelling  loudly  fre¬ 
quently  or  clearly  enough  about  the  risk,  or  boards  are  sim¬ 
ply  hoping  beyond  hope  it  won’t  happen  on  their  watch. 

Surely  TJX  would  have  paid  whatever  it  would  have  cost 
to  encrypt  those  records,  because  the  costs  associated  with 
the  fallout  will  be  so  much  greater.  Consider  that  the  data 
breach  at  another  retailer,  DSW  is  said  to  have  cost  the  com¬ 
pany  some  $10  million. 

It  isn’t  like  the  tools  to  safeguard  against  data  loss  are 
rocket  science. There  are  plenty  out  there.  And  the  good 
news  is  they  are  getting  easier  to  acquire  and  manage. 

Utimaco,for  example,  sells  a  suite  of  encryption  products 
designed  to  protect  data  in  motion,  at  rest  and  in  use,  says 
CEO  Martin  Wulfert.The  company’s  tools  cover  everything 
from  e-mail  encryption  to  safeguarding  data  on  handheld 
and  mobile  devices  and  even  removable  media. 

Offering  product  bundles  helps  simplify  administration 
and  key  management,  Wiilfert  says. 

With  each  and  every  reported  breach,  it  should  get  easier 
to  get  the  attention  of  the  bean  counters.The  time  is  right 
to  go  back  and  make  your  case  again. 


—  John  Dix 
Editor  in  chief 
jdix@nww.com 


_ 


Missing  from  the  list 

Regarding  “The  50  most  powerful  people”  (www.nw 
docfinder.com/7071):  It’s  curious  that  no  IETF 
Working  Group  chair  appears  on  your  list.  After  all, 
the  Internet  is  developed  inside  IETF  and  VoIR  SIP 
and  IPv6  were  made  by  IETF 

Franck  Martin 

Vice  chairman,  Pacific  Islands  Chapter  of  the 

Internet  Society 
and  Internet  Society  Trustee 
Suva,  Fiji 

Outrage  lives 

Regarding  Mark  Gibbs’  BackSpin  column  “2007:The 
Year  of  Being  Outraged?”  (www.nwdocfinder.com 
/7072):  I  too  sometimes  wonder  where  the  outrage 
is.  Often  I  think  we  just  get  tired  of  the  fight.lt  seems 
that  every  week  there  is  someone  new  stealing 
from  us,  or  creating  situations  that  physically  or 
financially  harm  us.  I  could  write  a  letter  every  day 
to  complain  about  some  situation,  but  I  do  not 
have  time  for  that. 

I  did,  however,  complain  to  Sony  I  am  so  ticked  off 
about  the  rootkit  fiasco  that  I  have  decided  not  to 
purchase  any  product  that  I  can  trace  back  to  Sony 
if  there  is  any  way  that  I  can  buy  it  from  another 
company.  Will  my  single  effort  help  to  change  the 
world?  Probably  not,  but  I  have  to  do  what  I  can. 

Michael  Q.Adams 
Irving, Texas 

Yes,  I  am  outraged.  I  am  also  outraged  that  my 
biggest  problems  are  spam  and  spyware,  and  no 
one  seems  to  be  doing  much  about  either  of  them. 
Spam  and  spyware  are  costing  businesses  billions 
(note  that  you  pay  for  this  in  higher  prices),  and 
that  doesn’t  include  the  loss  in  worker  productivity 


Also  note  that  realized  bandwidth  would  double  if 
all  this  traffic  were  erased.  Don’t  tell  me  nothing 
can  be  done  about  it.  I’m  outraged  that  Congress 
approved  spending  millions  on  a  bridge  in  Alaska 
that  no  one  wants  and  doesn’t  go  anywhere,  and 
has  not  yet  established  a  CIA-  or  FBI-type  agency 
specifically  to  go  after  the  spam  and  spyware 
attackers.  Now  tell  us  what  we  can  do  about  it. 

Jack  Miller 
Mentor,  Ohio 

My  outrage  has  mellowed  into  cold,  calculated 
risk  management.  Sony  is  permanently  off  my  list  of 
vendors  for  any  product,  for  any  purpose,  because 
1  cannot  trust  that  they  aren’t  (or  won’t  in  the 
future)  pull  the  same  thing  again. 

The  consequences  to  Sony?  Well,  they  aren’t  go¬ 
ing  to  wither  away  or  probably  even  notice  my  boy¬ 
cott.  But  I  did  not  buy  their  cheap  DVD  player  at 
Sam’s  the  other  day  I  don’t  look  at  their  flat  screens 
or  laptops.  No  more  Sony  CDs  or  DVDs.  No  movies 
they  had  a  hand  in  producing  or  distributing.  If 
Sony  is  the  unique  supplier  of  something  I  want,  I 
may  revisit  the  decision.  Otherwise,  why  should  I? 

Are  other  companies  doing  undesirable  things  to 
me?  Probably  They  join  the  blacklist  when  they  get 
caught. 

I  do  not  eat  store-bought  meat.  1  bought  my  dogs 
from  folks  I  know.  I  don’t  run  Microsoft  products  ex¬ 
cept  in  very  constrained  environments,  when  nec¬ 
essary  (it  is  stupid  or  hopelessly  idealistic  to  not 
test  Web  pages  in  Internet  Explorer  unless  you 
know  your  audience  doesn’t  use  it).  But  I  cannot 
manufacture  my  own  video  card  or  batteries. 

Brandon  Sussman 
Webster,  N.H. 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief.  Network  World,  1 18  Turnpike  Road,  Southborough,  MA  01 772. 
Please  include  phone  number  and  address  for  verification 


Readers  respond  Find  out  what  readers  are  saying  about  these  and  other  topics. 
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THEY  CLAIM 
THE  FEWEST 
PROPPED  CALLS 
POT  THEY  HAVE 
THE  MOST 
PROPPED  NAMES 
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►  NAG  now 

School  district  bets  on  start-up. 


►  Waiting  on  ►  More  NAG  Go  online  for  links  to  all  of  our  NAC 

Microsoft  coverage,  www.nwdocfinder.com/7125 

Fulton  County  picks  Microsoft’s 
NAP  scheme. 


NETWORK  WORLD  SPECIAL  FEATURE 


Before  you  green-light  a  NAC 


WANT 
CONTRACTORS 
TO  BE  ABLE  TO  GET 
IN  AND  OUT  AND  IF 
AUDITORS  ARt  HERE. 
FORTHEMTO  US^ 
THEIR  VPNS.  THAT’S 
REALLY  WHAT  I  WAS 
AFTER  WITH  NAC." 

Scott  Erickson, 

CTO,  Erickson  Retirement  Communities 


Proceed  with 


deployment,  beware  of  cost,  complexity 
and  gaps  in  vendor  offerings 


BY  TIM  GREENE 


That’s  because  comprehensive  NAC  rollouts  are  costly  and 
complex,  and  the  technology  is  young  enough  that  even  if  the 
goals  are  simple,  the  implementation  may  not  be. 

For  instance,  Erickson  Retirement  Communities  in  Silver 
Springs,  Md.,  wanted  NAC  to  block  intentionally  malicious 
users  from  gaining  access  to  the  networkdf  you  can’t  authen¬ 
ticate  successfully,  you’re  going  to  end  up  in  some  dirty  [virtu¬ 
al  LAN]  that  gives  you  Internet  access,  and  that’s  it,"  says  Scott 
Erickson,  the  company’s  CTO,  who  oversees  the  firm’s  14  cam- 
puses.“I  want  contractors  to  be  able  to  get  [traffic]  in  and  out, 
and  if  auditors  are  here,  for  them  to  use  their  VPNs.  That’s  real¬ 
ly  what  I  was  after  with  NAC." 

But  even  that  focused  agenda  is  difficult  for  Erickson  to 
achieve,  for  two  reasons.  One,  he  has  been  trying  to  imple- 

See  NAC,  page  22 


etwork  executives  plan¬ 
ning  to  deploy  network 
access  control  should 
start  with  very  specific 
goals,  not  intricate  schemes  to 
quarantine  and  remediate 
insecure  devices,  shut  down 
badly  behaving  machines  and 
record  every  connection  each 
device  attempts  to  make  on 
the  network. 


.INFRASTRUCTURE  LOG 


—  —  -  —  .  _® 

_DAY  18:  Everything  is  frozen.  It’s  our  processes.  /-< - - - — 

They’re  inflexible.  We  can’t  respond  to  change. 


_Why  did  we  lock  ourselves  in  like  this?  Brrrr. 


_DAY  19:  A  way  out.  IBM  WebSphere  middleware  for 
Business  Process  Management.  It  lets  us  streamline 
business  tasks.  We  can  test  our  processes  before  we 
roll  them  out  and  monitor  performance  once  they’re 
deployed,  and  reuse  is  easy  because  it’s  based  on  a 
service  oriented  architecture. 

.Everything’s  unfrozen  now.  Wow,  it’s  good  to  feel 
my  toes  again. 


WebSphere 


Take  the  BPM  with  SOA  Assessment  at: 

IBM.COM/TAKEBACKCONTROL/PROCESS 


IBM,  the  IBM  logo  and  WebSphere  are  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  ©2006  IBM  Corporation.  All  rights  reserved. 
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continued  from  page  20 


ment  the  technology  while  keeping  an  eye  on  his  bud¬ 
get.  And  two,  all  the  elements  he  needs  are  not  ready, 
although  vendors  he  works  with  talk  about  them  as  if 
they  are. 

This  dilemma  stems  from  the  many  definitions  of  NAC 
being  bandied  about.  Initially,  NAC  as  defined  by  Cisco 
was  a  response  to  the  Blaster  worm  that  ravaged  net¬ 
works  in  2003.The  goal  was  to  check  that  endpoints  had 
proper  patches  and  updated  security  in  operation  before 
they  gained  network  access. 

Since  then,  useful  additions  such  as  internal  intrusion 
detection/prevention  gear  have  been  tacked  on  to  the 
definition.  Notoriety  of  the  technology  has  soared,  and 


based  on  the  expanded  definition,  NAC  has  been  split 
into  two  parts:  pre-admission  and  post-admission. 

Erickson  was  interested  in  pre-admission  controls  that 
tie  users  and  machines  to  policies.  He  wanted  machines 
to  identify  themselves  as  issued  by  the  company  or  not, 
then  have  users  identify  themselves  and  use  a  combina¬ 
tion  of  the  two  identity  checks  to  determine  what,  if  any 
access  they  get. “Now,  if  it’s  a  combination  of  the  two,  I’ll 
put  you  into  a  full,  accessible  VLAN,"  he  says. 

Erickson  figured  he  had  all  the  elements  he  needed. 
His  Cisco  switches  are  software  upgraded  to  handle 
802. lx  port-level  policy  enforcement,  and  his  Cisco 
Access  Control  Server  (ACS)  RADIUS  server  is  interop¬ 


erable  with  Active  Directory. 

LotsofCatch-22s 

But  it  wasn’t  as  simple  as  he  thought.  For  Cisco  switch¬ 
es  to  enforce  the  policies  using  802.  lx  port  authentica¬ 
tion,  each  machine  being  screened  needs  802.  lx  suppli¬ 
cant  client  software,  and  Cisco  didn’t  have  any  ready  late 
last  year  when  Erickson  was  ready  to  go. 

He  hoped  Microsoft  would  come  up  with  a  supplicant 
for  Windows  XP  that  would  work  with  Cisco  switches,  but 
it  didn’t.  So  his  first  thought  was  to  pilot  Cisco  Network 
Access  Control  using  Microsoft  Vista  and  its  802.  lx  sup- 

See  NAG,  page  24 


When  you  need  NAC  now 

School  district  selects  pricey 
appliance  from  NAC  start-up 

BY  TIM  GREENE 

he  Upper  Canada  District  School  Board  decided  it  needed 
network  access  control  to  securely  expand  wireless  access 
across  the  vast  district,  broaden  the  types  of  devices 
allowed  access  to  its  network  and  keep  students  out  of 
sensitive  servers. 

When  it  started  looking  for  NAC  technology  18  months  ago,  the  options  were  limit¬ 
ed,  and  CIO  Jeremy  Hobbs  came  across  a  story  about  Nevis  Networks  in  a  trade 
publication.  He  contacted  the  company  and  reached  someone  he  had  dealt  with 
before  at  another  vendor.  They  worked  out  an  arrangement  in  which  the  district  would 
be  a  test  bed  for  the  product. 

The  district  also  chose  Nevis  because  it  doesn't  like  to  get  locked  into  a  single  ven¬ 
dor,  Hobbs  says,  which  is  why  it  decided  against  NAC  schemes  from  the  two  industry 
heavyweights  —  Cisco's  Network  Admission  Control  and  Microsoft's  Network 
Access  Protection,  he  says. 

The  school  district  sprawls  over  an  area  of  Ontario  three  times  the  size  of  the  state 
of  Connecticut  and  includes  35,000  students  and  5,000  staff,  The  schools  use  NAC  to 
allow  personal  laptops  onto  the  network  as  well  as  to  expand  wireless  access,  he 
says.  At  the  same  time,  the  Nevis  gear  helps  keep  unauthorized  users  out  of  the  data 
center,  where  human  resources  and  student  data  are  stored. 

“We  find  the  majority  of  threats  come  internally  from  kids  who  are  aspiring  to  grow 
up  to  be  hackers  or  who  are  interested  in  tinkering,"  Hobb  says. 

Nevis  gear  was  added  to  the  district  network  without  requiring  reconfiguration  of 
the  network  infrastructure.  Hobbs  put  two  Nevis  2026  devices  between  core  switches 
and  access  switches  serving  the  data  center  at  the  district  headquarters  in 
Brockville,  Ontario,  They  integrate  with  the  district's  Active  Directory  so  users  gain 
access  when  they  log  in  from  authorized  machines.  The  experience  is  identical  to 
what  users  experienced  before  the  NAC  equipment  was  installed,  he  says. 

Users  logging  in  with  their  own  laptops  are  diverted  by  the  Nevis  appliance  to  a  por¬ 
tal,  and  their  devices  are  scanned  for  virus  definitions,  malware  and  spyware. The  Nevis 
system  does  not  require  client  software  on  devices  seeking  entry  to  the  network. 

Users  attempting  to  connect  via  any  of  the  Wi-Fi  access  points  across  the  district 
also  must  authenticate  via  user  name  and  password  through  the  Nevis  appliance.  All 
of  the  district's  120  sites  have  at  least  one  wireless  access  point,  and  Hobbs  hopes 
within  two  years  to  have  100%  wireless  coverage  in  those  buildings  and  to  accommo¬ 
date  any  wireless  device.  "We'd  like  to  let  the  wireless  network  be  wide  open  but  let 
the  network  security  layer  take  care  of  itself,"  he  says. 

Hobbs  considers  the  gear  pricey.  "We  probably  peak  out  at  3,500  concurrent 
users,  and  you're  looking  at  $60,000  for  1,000  users.  That's  a  fairly  significant  invest¬ 
ment,"  he  says.  He  also  recognizes  that  NAC  is  new  and  start-ups  around  today 
might  not  be  here  tomorrow.  "If  I  wasn't  experiencing  a  ton  of  pressure  for  these 
kinds  of  tools,  I'm  not  sure  I  wouldn't  just  wait  for  a  little  while  longer  to  let  the 


“WE  FIND  THE  MAJORITY  OF 
THREATS  COME  INTERNALLY  FROM 
KIDS  WHO  ARE  ASPIRING  TO  GROW 
UPTO  BE  HACKERS  OR  WHO  ARE 
INTERESTED  IN  TINKERING." 

Jeremy  Hobbs,  CIO,  Upper  Canada  District  School  Board 


industry  evolve  a  little  bit,"  he  says. 

In  three  years,  as  the  technology  matures  and  competition  weeds  out  the  weaker 
vendors,  his  thinking  will  likely  change.  "My  guess  is  at  that  point  well  probably  go 
with  a  fully  formed  product  from  a  bigger  player,”  he  says.  ■ 
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_DAY  33:  Our  information  is  siloed.  Unmanageable. 
People  can’t  access  the  latest  info  to  make  decisions. 
Gil’s  resorted  to  giving  everyone  access  to  everything 
all  at  once. 

.Monitors  now  outnumber  humans  18  to  1. 

.DAY  36:  It’s  clear  to  me.  We  need  an  IBM  Information 
On  Demand  middleware  solution.  Info  will  be  liberated 
from  the  silos — available  when  we  need  it,  whatever 
the  format.  Accurate  and  in  context.  Now  we  can  make 
smarter  decisions  and  deliver  real  business  value. 


.Access  is  a  beautiful  thing. 


Information  Management 


See  innovative  IBM  Info  Management  solutions  in  action 

IBM.COM/TAKEBACKCONTROL/INFO 
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plicant  at  three  sites  with  about  100  PCs  each.  “I  have 
three  sites  with  about  100  PCs  each  that  1  just  opened  and 
I’m  going  to  flip  all  three  of  them. Those  will  be  my  pilot 
sites,"  Erickson  says.  At  least  that  was  the  original  plan. 

Now;  he’s  considering  a  more  costly  alternative  — 
installing  Cisco  Network  Access  Control  appliances  at 
each  site.  He  has  so  many  sites  that  the  cost  is  high,  he 
says. But  he  may  be  forced  into  eating  the  extra  cost  in  the 
interest  of  avoiding  a  long  wait  while  bugs  are  worked  out 
of  Vista. 

As  Erickson’s  experience  points  out,  NAC  can  have  pit- 
falls.  ‘‘There’s  lots  of  pieces  and  parts  to  NAC  and  the 
number  of  vendors  makes  it  hard,"  says  Zeus  Kerravala, 
an  analyst  with  the  Yankee  Group. 

But  Kerravala  points  out  that  Erickson  has  done  many 
things  right  in  his  deployment,  such  as  examining 
whether  existing  policy-storage  directories  can  fit  into  the 
NAC  scheme  a  customer  is  considering.  If  a  company  has 
Active  Directory  in  use,  they  should  be  able  to  leverage  it 
in  a  Cisco  Network  Access  Control  implementation  rather 
than  buying  Cisco’s  Clean  Access  Server,  he  says. 

Also,  businesses  should  first  deploy  NAC  to  a  small 
group  of  technically  savvy  users  at  different  sites,  just  as 
Erickson  plans  to  do.  “Learn  your  lessons  with  them  and 
build  off  that  then  roll  it  out  more  broadly"  Kerravala  says. 

And  Kerravala  recommends  starting  with  an  appliance 
even  if  the  goal  is  to  embed  NAC  in  the  network  infra¬ 
structure.  “A  network  upgrade  is  expensive  and  an  appli¬ 
ance  lets  you  test  the  technology  before  you  commit  to 
one,”  he  says. 

The  no-client  appliance  approach 

Brett  Childress,  the  director  of  IT  Infrastructure  for  instru¬ 
mentation  vendor  National  Instruments  in  Austin,  Texas, 
says  he  wanted  a  NAC  appliance  from  the  outset.  Two 
years  ago  when  he  started  looking,  his  network  vendor, 
Cisco,  had  no  workable  NAC  equipment,  and  he  wanted 
to  avoid  any  NAC  scheme  that  required  client  software. 

He  also  was  interested  in  post-admission  NAC  to  guard 
against  malware  that  gets  past  virus  screening.  He  select¬ 
ed  Mirage  Networks’  gear  from  among  limited  choices, 
primarily  because  it  required  no  client  software.  “We  just 
didn’t  want  another  piece  of  software  spread  around  on 
machines  that  we  would  have  to  keep  updated  and 
would  make  us  worry  about  multiplatform  support," 
Childress  says.  National  instruments’  desktops  run  multi¬ 
ple  flavors  of  Windows,  Linux  and  Macintosh. 

The  company  doesn’t  use  a  formal  pre-admission  NAC 
product,  instead  relying  on  frequent  operating  system 
patches  and  antivirus  signature  updates  to  protect  the 
network  from  infected  machines,  Childress  says.  “With  a 
layered  defense  of  central-managed  antivirus,  patch  man¬ 
agement  via  SMS  and  with  Mirage  on  top  of  that,  we  feel 
fairly  comfortable,"  he  says. 

But  that  could  change  if  the  company  broadens  its 
remote-access  program  to  include  machines  owned  by 
employees  that  are  not  maintained  by  National 
Instruments.  Childress  says  he  would  have  to  examine  the 
cost  of  pre-admission  NAC  vs.  its  benefits  because  it  tells 
the  status  of  the  connecting  machines’  defenses,  not 
whether  they  have  actually  been  infected. 

“I’m  checking  they  have  antivirus  installed  and  turned 
on,  a  DAT  file  that’s  not  more  than  a  week  out  of  date,  that 


they  have  the  most  recent  critical  update  from  Microsoft," 
Childress  says.  “The  reality  is  you’re  not  checking  for  all 
these  other  potentially  unknown  pieces  of  malware  that 
could  be  installed  on  that  machine." 

The  philosophy  of  the  company  is  to  allow  employees 
unrestricted  access  to  resources  and  the  Internet  as  long 


as  that  behavior  doesn’t  endanger  the  network.  “We  tend 
to  shy  away  from  super-strict,  upfront  secure  policies,"  he 
says,  and  use  Mirage  to  defend  against  attacks  that  free¬ 
dom  might  enable.“We  want  to  provide  an  adequate  safe¬ 
ty  net  to  protect  the  productivity  of  the  company.  We 

See  NAC,  page  27 


Waiting  on  Microsoft 

Fulton  County  selects  Microsoft’s  NAP  scheme  as  the 
low-cost  option,  but  deployment  is  on  hold 

BY  TIM  GREENE 

ulton  County  in  Georgia  is  about  as  far  along  as  any  place  in  implementing 
Microsoft's  version  of  network  access  control.  But  even  Fulton  County  won’t  be 
able  to  put  Microsoft's  Network  Access  Protection  (NAP)  into  production  for 
several  more  months, 

The  Microsoft  endpoint  protection  architecture  delivers  what  the  county  wants  — the  ability  to 
check  the  status  of  machines  before  they  gain  network  access —  but  the  individual  pieces  aren't  ready  yet, 
says  Robert  Taylor,  the  county’s  CIO  and  director  of  IT. 

Taylor  has  had  Microsoft’s  Vista  client,  which  enables  NAR  on  his  PC  since  July  2005  as  part  of  a  Microsoft 
beta  program.  But  the  county  is  waiting  for  Longhorn  Server  and  an  upgrade  to  Microsoft  System  Manage¬ 
ment  Server  (SMS)  that  will  make  it  possible  to  push  Vista  out  to  5,000-plus  users. 

Without  that  SMS  upgrade,  deploying  NAP  would  be  too  time  consuming.  "So  what  we  have  to  end  up  doing  is 
basically  running  around  from  PC  to  PC  and  doing  it  manually.  I  don’t  have  enough  resources  to  do  that,"  Taylor  says. 

The  county  wants  to  take  advantage  of  its  Microsoft  enterprise  software  license  to  add  NAP  protections 
without  extra  costs  by  leveraging  Vista,  which  reports  on  the  status  of  endpoints,  and  Active  Directory  in  con¬ 
junction  with  Longhorn  server,  which  supply  and  enforce  NAP  policies. 

The  county  considered  using  Cisco’s  Network  Admission  Control,  but  the  $170,000  bid  was  too  expensive. 
"With  Microsoft,  NAP  is  bundled  within  the  product  itself  and  so  we  don’t  have  to  pay  the  $170,000  to  get  it.  It’s 
strictly  economics,"  Taylor  says. 

Blasted  by  Blaster 

With  NAP  making  sure  county  computers  have  properly  patched  operating  systems  and  security  software 
updated  and  switched  on,  the  network  will  be  less  vulnerable  to  attacks  such  as  the  Blaster  worm  that  brought 
Fulton  County  jails  to  their  knees  in  2004,  Taylor  says. 

Blaster  ravaged  the  network  during  an  agonizing  four  days  in  which  there  was  no  access  to  state  and  federal 
crime  databases.  "You  could  not  let  people  in  the  jail  or  let  people  out  of  the  jail,"  Taylor  says.  "You’ve  got  a  little  old 
lady  out  there  saying  my  son’s  been  in  jail  and  he  didn’t  do  anything  wrong  but  they’re  keeping  him  in  there  and 
won't  let  him  out,  and  it’s  all  IT's  fault," 

Other  key  benefits  of  NAP  include  less  time  spent  fixing  infected  machines,  a  task  that  ties  up  one  or  two  techni¬ 
cians  per  day  re-imaging  them.  And  NAP  will  save  time  and  money  in  the  maintenance  budget, Taylor  says. 

Contractors  for  the  county  who  join  the  network 
via  VPNs  will  be  checked  by  NAR  making  sure 
their  machines  also  are  clean.  "We  won’t  have  to 
worry  if  they’re  compromising  us,”  he  says. 

NAP  also  will  support  IPSec  encryption  of 
sensitive  data,  which  will  help  the  county 
meet  Health  Insurance  Portability  and 
Accountability  Act  regulations,  Taylor  says. 
Vista  and  Longhorn  server  supply  the  VPN 
components.  "We  don’t  have  to  go  out  and 
buy  third-party  software  to  do  encryption. 
That’s  a  big  cost,  too,"  he  says. 

Fulton  County  plans  to  start  testing  NAP  next 
month  when  SMS  is  expected  to  ship.  “The 
whole  NAP  rollout  initiative  will  start  after  that, 
maybe  in  the  second  or  third  quarter  of  2007," 
Taylor  says.  ■ 


“YOU  COULD  NOT  LET 
PEOPLE  INTHE  JAILOR  LET 
PEOPLE  OUT  OFTHE  JAIL,” 
TAYLOR  SAYS.  “YOU'VE  GOT 
A  LITTLE  OLD  LADY  OUT 
THERE  SAYING  MY  SON’S 
BEEN  IN  JAIL  AND  HE  DIDN’T 
DO  ANYTHING  WRONG. .. 
AND  IT’S  ALL  IT’S  FAULT.” 

Robert  Taylor,  CIO,  Fulton  County,  Ga. 
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.DAY  44:  This  lack  of  productivity  is  out  of  control. 
What  we’re  using  isn’t  working.  Gil’s  had  enough. 

He  moved  everyone  into  one  cubicle.  A  “collaboration” 
cubicle.  We  need  a  better  idea. 


.DAY  46:  I’m  going  with  IBM  Lotus®  Notes®  and  Domino! 
It’s  more  than  e-mail;  it’s  an  open  platform  designed 
for  collaboration.  It  has  proven  security  features  and 
productivity  enhancers  like  document  sharing  and  custom 
app  development.  And  it’s  flexible  enough  to  integrate 
across  multiple  platforms,  including  J2EE™  and  Linux! 

_0K,  who  sat  on  my  lunch? 


the  Lotus  Notes  &  Domino  demo  at: 

IBM.COM/TAKEBACKCONTROL/COLLABORATION 


Lotus. 
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Need  for  Remote  Network  Management 


fJsnstii  Ports  +  Power  Control  +  Dial-Up  Modem  s  1 U 
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The  CMS-6R4  Console  Management  Switch  is  the  ultimate  tool  for  economical 
Remote  Network  Management.  Six  serial  ports  to  access  you  equipment’s  console 
ports,  Four  power  outlets  to  perform  remote  reboot  or  On/Off  control  plus  an  internal  modem 
with  dial-back  features  for  secure  out-of-band  access  -  all  in  a  space  saving  1 U  package!  System 
administrators  can  access  remote  devices  from  anywhere  via  telnet,  dial-up,  local  terminal  or  KVM  switch. 
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would  never  want  one  user’s 
actions  to  take  down  the  depart¬ 
ment  for  a  day" 

The  price  of  pre-admission 

Advertising  and  marketing  firm 
Omnicom  Group,  based  in  New 
York,  has  adopted  ForeScout’s 
Counteract  appliance  that  per¬ 
forms  pre-admission  NAC.  The 
firm  needed  this  capability  be¬ 
cause  it  has  so  many  traveling 
employees  who  use  their  laptops 
off  network  for  weeks  on  end, 
then  return  with  the  laptops 
behind  in  updates  and  patches 
and  possibly  infected,  says  CIO 
Kenneth  Corriveau. 

Since  installing  Counteract 
about  a  year  ago,  the  company 
ensures  that  systems  coming  on 
the  network  are  patched  and  have 
current  virus  definitions.  Based  on 
their  status  they  are  denied  access 
or  assigned  to  specific  VLANs, 
Corriveau  says.The  preadmission 
NAC  also  checks  whether  users 
have  filed  time  sheets  and  denies 
access  until  they  are  done. 

In  general,  it  is  important  to  err 
on  the  side  of  caution,  Kerravala 
says,  to  avoid  unintended  disrup- 
tions.The  classic  example:  forcing 
the  CEO’s  laptop  to  update  virus 
definitions  before  it  can  connect 
to  the  network.  Is  the  annoyance 
worth  the  marginal  protection  the 
network  gains  by  the  update?  “Be 
careful  what  you  deploy,"  he  says. 
“What  you  put  in  must  not  prohib¬ 
it  workflow." 

That  is  why  it  is  key  to  get  sup¬ 
port  for  NAC  from  the  top.  In  par¬ 
ticular,  managers  for  lines  of  busi¬ 
ness  should  be  part  of  setting  poli¬ 
cies  that  will  establish  to  everyone 
that  the  cost  and  possible  delays 
caused  by  NAC  are  deemed 
worthwhile,  Kerravala  says. 

Corriveau  says  he  enlisted  busi¬ 
ness  groups  to  suggest  what  post¬ 
admission  policies  were  appropri¬ 


nww.com 

NAC  event  in  Boston 

Network  access  control  is  a 
revolutionary  rethink  of  network 
security.  Find  out  more  at 
Network  World’s  NAC  event  in 
Boston  on  March  6.  Free  to 
those  who  qualify. 
www.nwdocfinder.com/6846 


ate  to  their  units,  but  recommend¬ 
ed  any  policies  put  in  place  be 
tested  first  for  unforeseen  effects. 
For  instance,  his  initial  policies 
with  the  ForeScout  gear  picked  up 
administrative  access  to  SQL  data¬ 
bases  as  malicious  traffic,  which  it 
then  blocked. Tweaking  the  policy 
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corrected  the  problem,  he  says. 

Despite  some  shortcomings  in 
the  real  world,  NAC  has  drawn  so 
much  attention  that  it  has  solidly 
worked  its  way  into  long-term 
corporate  network  planning. 
According  to  Harte-Hanks  Aber¬ 
deen  Group,  44%  of  IT  decision 


makers  polled  recently  plan  to 
implement  some  form  of  NAC 
this  year. 

A  separate  survey  by  Thelnfo- 
Pro  last  fall  puts  the  number  like¬ 
ly  to  implement  or  develop  a 
NAC  plan  at  37%,  down  from  54% 
earlier  last  year,  but  still  a  signifi¬ 
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cant  number.  The  decline  was 
perhaps  influenced  by  the  late 
release  of  Microsoft’s  Vista  client 
that  is  essential  to  many  NAC 
deployments. 

These  results  suggest  that  limit¬ 
ed,  controlled  NAC  deployments 
are  the  way  to  go.U 
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How  to  survive  a  corporate  integration 

Mergers  and  acquisitions  are  on  the  rise,  but  you  can  thrive  with  the  new  flock 


BY  ROB  GARRETSON 

rian  Fellows  had  seen  it  all  be¬ 
fore.  When  media  conglomerate 
Thomson  Corp.  acquired  News- 
Edge  five  years  ago,  it  was  the  second 
time  his  company  had  been  swallowed 
by  a  larger  competitor.  The  anxiety  that 
swept  through  the  20-person  IT  depart¬ 
ment  was  palpable,  but  Fellows, then  the 
distributor  of  electronic  news  and  infor¬ 
mation  s  network  and  security  manager, 
kept  his  head. 

“The  second  acquisition  —  for  me,  at  least  —  was  a  little 
more  known,”  Fellows  recalls.  “I’d  been  through  the  fires 
before.  I  knew  it  was  coming.  On  the  other  hand,  1  was  now 
a  manager,  and  I  knew  that  the  higher  up  you  are  in  the 
hierarchy  the  more  likely  it  is  to  get  peeled  off.” 

Fellows  not  only  survived  his  company’s  second  acquisi¬ 
tion,  he  prospered.  His  team  grew  from  two  people  at  News- 
Edge  to  six  at  Thomson,  which  folded  NewsEdge  into  its 
Dialog  division.  Even  as  four  data  centers,  including  his,  in 
Burlington,  Mass.,  were  being  eliminated  and  their  func¬ 
tions  absorbed  by  Dialog  facilities  in  Minnesota,  his  IT 
group  became  a  primary  network-support  operation  for 
the  900-employee  division. 

“My  group  had  grown.  My  budget  had  grown.  My  respon¬ 
sibilities  had  grown,”  Fellows  says  about  Thomson  Dialog, 
which  he  left  after  a  few  years  to  work  for  a  smaller  firm.“If 
I’d  stayed  there  1  would  have  probably  ended  up  with  10 
people,  managing  the  networking  for  one  of  the  [compa¬ 
ny’s]  major  divisions.” 

Fellows  learned  through  experience  what  recruitment 
and  human  resources  experts  agree  are  the  keys  to  pros¬ 
pering  through  an  acquisition  or  merger:  Have  patience; 
plan  for  the  contingencies;  maintain  a  cooperative  attitude 
and  practice  problem-solving  that  can  demonstrate  your 
value  to  the  combined  company  Mergers  and  acquisitions 
typically  create  high  anxiety  for  employees  uncertain 
about  their  role  in  a  newly  combined  company  but  keep¬ 
ing  cool  and  taking  certain  precautionary  steps  can  go  a 
long  way  toward  ensuring  a  smooth  landing,  experts  and 
mergers  and  acquisitions  veterans  say 

“Be  patient,”  advises  Mitchell  Marks,  a  professor  at  San 
Francisco  State  University’s  College  of  Business  and  a  con¬ 


sultant  specializing  in  managing  corporate  transitions.  Em¬ 
ployees  whose  companies  have  acquired  or  merged  with 
another  company  typically  have  more  time  than  they  real¬ 
ize  to  assess  the  situation  and  explore  their  options,  he  says. 
Decisions  about  workforce  restructuring  and  potential  job 
cuts  usually  are  several  months  away 
“The  reality  is  that  companies  buy  companies,  and  only 
after  that  do  they  really  explore  what  they’ve  purchased. 
The  deal  gets  done,  and  then 
they  do  their  homework,” says 
Marks,  author  of  Joining 
Forces:  Making  One  Plus 
One  Equal  Three  in  Mergers, 

Acquisitions,  and  Alliances. 

Even  when  redundancies  are 
identified  and  targeted  for 
cuts,  employees  shouldn’t 
panic:“If  they’re  having  a  20% 

[reduction],  there  are  still 
going  to  be  80%  who  stayf  he 
says.  “So  odds  are  you’re  not 
going  to  lose  your  job.” 

Kevin  Rosenberg,  managing 
partner  at  BridgeGate,  an 
executive  recruiter  specializ¬ 
ing  in  technology  agrees  that 
integration  doesn’t  happen 
overnight.  “There’s  time  to 
build  relationships  inside  the 
acquiring  company  and 
show  them  that  they  acquired 
more  than  just  market  share  or  intellectual  property  they 
also  acquired  a  talent  pool  that’s  worthy  of  consideration.” 

That  doesn’t  mean  you  shouldn’t  prepare  yourself  for  possi¬ 
ble  upheaval.The  next  step  after  taking  a  deep  breath  is  to  dust 
off  your  resume  and  start  thinking  about  your  options. 

“Prepare  a  contingency  plan,”  Marks  advises. “Make  a  list 
of  who  you  would  call  [about  a  job] .  Update  your  resume. 
You  don’t  have  to  send  it  out  yet,  but  just  get  it  ready 
“If  you’re  the  acquired  party,  start  getting  your  resume 
ready  Fellows  agrees.“Have  it  ready  to  go,  but  don’t  pull  the 
trigger  unless  you  get  something  so  great  that  you  would 
have  left  your  [employer]  anyhow.”  If  you  immediately 
jump  ship, you  not  only  forgo  potential  opportunities  at  the 
newly  merged  company  but  also  forfeit  severance  pay¬ 
ments  and  benefits  that  frequently  are  offered  when  com¬ 
panies  trim  jobs  after  an  acquisition. 

“Through  every  acquisition  or  downsizing  I  went  through, 
there  were  severance  packages  that  came  along  with  it.  It’s 
kind  of  like  leaving  money  on  the  table,”  Fellows  says. 

Volunteer  for  any  transition  or  integration  teams  that  are 
formed  after  a  merger  or  acquisition  is  consummated. 
Demonstrating  a  constructive  attitude  and  valuable  prob¬ 
lem-solving  skills  improves  your  odds  of  surviving  and  even 
prospering  in  the  newly  combined  company  experts  say 
“There  were  lots  of  redundancies  and  lots  of  axes  falling 


with  each  merger/ recalls  Roy  Hayward, an  application  sup¬ 
port  manager  who  has  survived  the  consolidation  of  at 
least  seven  companies  in  fewer  than  six  years  with  his  cur¬ 
rent  employer,  Global  Healthcare  Exchange. 

“Everyone  would  come  to  me  to  solve  problems.  As  a 
technology  person,  when  the  companies  merged,  that 
made  me  very  valuable  to  keep  around,”  Hayward  says. 

Back-office  functions,  especially  networking  and  IT  in¬ 


frastructure,  often  play  a  significant  role  in  integrating 
merged  companies,  BridgeGate ’s  Rosenberg  says.  In  addi¬ 
tion  to  the  bonuses  and  other  incentives  frequently 
offered  to  key  IT  personnel  to  stay  and  help  with  the  tran¬ 
sition,  mergers  can  provide  an  opportunity  for  IT  pros  to 
showcase  their  talent. 

“During  that  period  of  time,  it’s  a  great  opportunity  for 
the  up-and-coming,  highly  ambitious,  overachiever 
types  to  show  the  acquiring  company  their  personal 
value,”  Rosenberg  says.  “And  it’s  a  great  way  to  be 
noticed,  whereas  in  your  former  life, you  may  have  been 
taken  for  granted.” 

Garretson  is  a  freelance  writer  in  Gaithersburg,  Md.  He 
can  be  reached  at  rgarretson@gmail.com. 
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continued  from  page  14 

about, and  use  that  in  the  future  to  help  you 
retrieve  information  that  is  of  a  similar 
nature,”  Edwards  says. 

Susan  Feldman,  vice  president  for  content 
technologies  at  IDC,  has  been  studying  the 
cost  of  ineffective  enterprise  search  for  five 
years.  Her  latest  research  paper,  released  in 
April,  found  that  information  workers  waste 
3.5  hours  per  week  on  searches  that  don’t 
turn  up  the  right  information.  Assuming  an 
average  salary  of  $60,000,  including  bene¬ 
fits  —  a  figure  based  on  2004  Bureau  of 
Labor  Statistics  data  —  the  cost  of  ineffec¬ 
tive  search  is  $5,251  per  worker,  per  year. 

“People  spend  about  nine  to  10  hours  a 
week,  on  average,  looking  for  information. 
Of  that  time,  they  don’t  find  the  information 
they’re  looking  for  a  third  to  half  the  time,” 
Feldman  says. 

Those  figures  apply  only  to  the  use  of 
enterprise  search  applications,  rather  than 
Web  searches,  such  as  those  on  Google, 
which  are  less  effective,  Feldman  says. 

Sometimes,  searches  fail  because  the 
answer  simply  isn’t  there.  Or,  the  right  doc¬ 
ument  might  exist  but  it  hasn’t  been  spi¬ 
dered  —  a  term  Feldman  uses  for  appli¬ 
cations  that  crawl  into  a  repository  and 
create  an  index  of  words  and  documents. 
If,  for  example,  the  server  for  the  CRM 
department  hasn’t  been  spidered,  lots  of 
useful  information  could  be  excluded 
from  searches,  she  says. 

When  setting  up  an  enterprise  search 
application,  company  managers  need  to 
figure  out  exactly  what  they  need. 

“Any  of  the  major  enterprise-search  ven¬ 
dors  have  service  groups  that  do  exactly 
this  for  you,”  Feldman  says.They’ll  sit  you 
down  and  say:  ‘Why  do  you  want  a  search 
engine?  Why  do  you  want  to  find  your  doc¬ 
uments?  Are  you  going  to  need  it  for  cus¬ 
tomer  service?  For  e-discovery?”’ 

New  federal  rules  requiring  companies  to 
maintain  electronic  documents  potentially 
needed  in  litigation  are  one  factor  driving 
companies  to  upgrade  search  engines.The 
best  enterprise  search  applications  widely 
available  today  use  concept  searches, 
which  look  for  documents  and  files  tied  to 
specific  concepts,  Feldman  says. 

A  keyword  search  on  Google  for  “high 
blood  pressure”  might  not  turn  up  useful 
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information  about  hypertension,  the 
technical  term  for  having  excessive 
blood  pressure,  Feldman  notes.  An  appli¬ 
cation  using  concept  search,  however, 
would  know  that  high  blood  pressure 
relates  to  hypertension  and  turn  up  more 
useful  information. 

Searching  based  on  concepts  is  “the  gen¬ 
eration  of  search  that  is  just  being  adopted 

“People  spend  about 
nine  to  10  hours  a 
week,  on  average,  look¬ 
ing  for  information  [and 
don’t  find  it]  a  third  to 
half  the  time.” 

Susan  Feldman,  vice  president  for  content 
technology  at  IDC. 

now;”  Feldman  says.  Most  enterprises  have 
not  yet  upgraded  to  platforms  that  use  this 
technique,  she  adds. 

Modern  search  applications  also  detect 
trends,  pulling  out  such  information  as 
stock  prices  and  presenting  it  in  a  chart 
format,  Feldman  says. 

Feldman  and  other  analysts  are  opti¬ 
mistic  that  semantic  technology  will  fuel 
the  next  generation  of  searches.  The  word 
semantic  “means  meaning,”  she  says,  so  an 
application  using  semantic  technology 
understands  not  just  keywords  but  also 
the  relationships  between  subjects,  verbs 
and  modifiers. 

“This  means  you  can  type  in  a  question 
and  it  will  understand  it,”  Feldman  says. 
“More  and  more  applications  are  able  to 
understand  who,  what,  when,  where  and 
why  questions,  and  differentiate  among 
them,”  she  says. 

The  Semantic  Web  has  been  a  hot  topic 
in  technology  circles.  It  has  been  defined 
as  “an  extension  of  the  current  Web  in 
which  information  is  given  well-defined 
meaning,  better  enabling  computers  and 
people  to  work  in  cooperation.” 

Building  a  Semantic  Web  requires  pro¬ 
viding  a  layer  of  meaning  and  under¬ 
standing  of  content,  which  is  a  major  chal¬ 
lenge  because  the  content  on  the  Internet 
is  owned  by  so  many  people,  Butler 
Group’s  Edwards  says. 

It’s  simpler  to  do  that  within  an  enter¬ 
prise  because  the  content  generated  by 
employees  would  be  owned  by  the  corpo¬ 
ration,  Edwards  notes. 

A  search  using  semantic  technology  will 
turn  up  the  most-desired  result  about  80% 
of  the  time,  while  searches  used  by  most 
companies  today  turn  up  the  right  answer 
less  than  half  the  time,  according  to 
Benjamin  Grosof,  assistant  professor  of  IT 
at  the  Massachusetts  Institute  of  Technol¬ 
ogy  Sloan  School  of  Management. 

“Semantic  technologies  will  advance  the 
state  of  the  art  within  the  next  few  years  by 
a  significant  amount,”  Grosof  says.B 
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i  ecently  my  colleague 
'Paul  McNamara  wrote 
l  in  his  Buzzblog  about 
yet  another  case  of  the 
Internet  being  demonized, 
and  the  piece  generated  quite  a  bit  of  feedback. 

Buzz  wrote  about  the  story  of  a  Houston  attorney  Jason 
Itkin.who  is  representing  four  families  whose  underage 
daughters  were  sexually  abused  after  meeting  men  they 
encountered  on  MySpace.  Itkin  and  the  complainants  are 
suing  not  only  MySpace  but  also  its  parent,  News  Corp.,for 
not  protecting  their  children. 

The  insanity  of  this  suit  is  what  got  Paul’s  readers’ 
juices  flowing,  and  the  unanimous  consensus  was  the 
blindingly  obvious  conclusion:  Why  weren’t  the  parents 
watching  out  for  their  children? 

With  a  bit  of  luck  the  case  will  get  dismissed  and  the 
lawyer  will  get  bupkis. 

But  will  this  be  the  end  of  bogus  legal  attacks  on  how 
we  use  Internet  services?  No,  because  it’s  guaranteed  that 
other  misguided  individuals  aided  by  opportunistic 
lawyers  will  want  somebody  else  to  be  responsible  for 
their  online  negligence,  gullibility  or  downright  stupidity 

In  terms  of  the  sheer  waste  of  time  and  money  involved, 
this  sorry  tale  is  bad  enough,  but  what’s  really  awful  is  that 
the  demonizing  of  the  Internet, which  has  been  going  on 


Demonizing  the  ’Net  and  losing  free  speech 

R: 


since  it  became  hot,  has  recently  become  increasingly  a 
stalking  horse  for  politicians. 

In  part,  it  is  obvious  why  this  is  so:The  Internet  is  a  mir¬ 
ror  of  our  culture  but  with  the  unique  attributes  of 
anonymity  immediacy  and  low-cost  access  enabling  a 
new  level  of  freedom  of  speech.This  makes  the  ’Net  a 
powerful  promoter  of  egalitarianism  —  the  doctrine  that 
equality  ought  to  prevail  throughout  society  —  which,  of 
course,  makes  most  politicians  pretty  nervous. 

That’s  not  to  say  politicians  haven’t  recognized  and 
embraced  the  potential  of  the  Internet;  for  example,  con¬ 
sider  John  Kerry’s  success  raising  campaign  funds  online 
in  ’04,  the  recent  rash  of  presidential  hopefuls  using  the 
Web  to  announce  their  candidacy  for  the  ’08  election, 
and  senators  and  representatives  communicating  with 
their  constituents  by  e-mail. 

Despite  this  apparent  wave  of  acceptance  it  seems  the 
Internet  also  provides  far  more  freedom  of  expression  for 
more  people  than  some  politicians  would  like. This  is 
obvious  from  the  way  that  the  “War  on  Terror”  has  become 
the  platform  from  which  the  conclusion  has  been  derived 
that  free  speech  is  dangerous.  In  October  last  year 
Michael  Chertoff,  U.S.  Homeland  Security  secretary,  speak¬ 
ing  at  Harvard  Law  School’s  Ames  Courtroom,  argued  that 
the  consequences  of  dismantling  the  Bill  of  Rights  would 
“have  to  be  measured  with  real-world  decisions  when 


deciding  on  matters  that  deal  with  life  or  death.” 

A  few  days  later  at  a  meeting  of  the  International 
Association  of  the  Chiefs  of  Police,  Chertoff  said:“We  now 
have  a  capability  of  someone  to  radicalize  themselves 
over  the  Internet. . .  .They  can  train  themselves  over  the 
Internet.They  never  have  to  necessarily  go  to  the  training 
camp  or  speak  with  anybody  else,  and  that  diffusion  of  a 
combination  of  hatred  and  technical  skills  in  things  like 
bomb-making  is  a  dangerous  combination.” 

This  is  the  kind  of  “thinking”  that  leads  to  the  recent 
remarkably  close  approval  (55  to  43)  of  an  amendment  to 
remove  a  section  of  a  bill  that  would  have  required  blog¬ 
gers  with  audiences  of  more  than  500  to  register  with  and 
report  quarterly  to  the  government  or  face  civil  penalties 
and  as  many  as  10  years  in  prison. 

Had  this  bill  passed  as  originally  structured  we  would 
have  witnessed  a  serious  blow  to  our  freedom  of  expres¬ 
sion.  What  worries  me  is  that  between  the  politicians  and 
lawyers  there’s  enough  juice  to  damage  not  only  the  ’Net 
but  the  Bill  of  Rights  as  well. The  question  is,  do  we  care 
enough  to  prevent  this  from  happening?  We  need  to  make 
sure  that  when  politicians  and  lawyers  get  the  ’Net  in  their 
sights,  we  speak  up  and  express  our  outrage. 

Whatever  outrage  you  have  left,  tell  me  at  back 
spin@gibbs.  com. 
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Wikipedia  has  to  do  what  it  has  to  do . . . 


Paul  McNamara 


Wikipedia  is  always  in  the  middle  of  some  brouhaha  or 
another,  and  last  week  was  a  double-header. 

First  up,  gums  were  a-flappin'  over  the  encyclopedia's 
decision  to  tag  all  links  on  its  site  “nofollow,"  which  will  render  those  links  invisible 
to  search  engines.  Whether  this  is  a  good  thing,  a  bad  thing  or  just  an  unavoidable 
thing  depends  on  who's  talking. 

Wikipedia  says  it's  unavoidable  because  of  the  mischief  caused  on  its  site  by  spam¬ 
mers  and  search-engine  optimization  schemers. 

Nick  Carr  was  among  the  critics:  ‘‘Wikipedia  is  adopting  the  policy  to  reduce  spam¬ 
mers’  incentives  to  add  spam  links  to  the  encyclopedia.  I  wonder,  though,  if  it  could  also 
have  the  effect  of  reinforcing  Wikipedia’s  hegemony  over  search  results.The  sources 
cited  in  Wikipedia,  many  of  which  are  original  sources,  will  no  longer  get  credit  for  their 
appearance  there,  which  should  cause  at  least  a  little  downward  pressure  in  their  own 
search  rankings  (hence  providing  a  little  more  upward  pressure,  relatively  speaking,  for 
Wikipedia's  articles).  Although  the  no-follow  move  is  certainly  understandable  from  a 
spam-f  ighting  perspective,  it  turns  Wikipedia  into  something  of  a  black  hole  on  the 
'Net.  It  sucks  up  vast  quantities  of  link  energy  but  never  releases  any.” 

Wikipedia’s  case  seems  the  more  compelling  here.  After  all,  its  primary  mission  is  to 
provide  a  reliably  usable  online  encyclopedia,  not  to  ensure  an  enduring  balance  of 
benefits  between  link  givers  and  link  receivers.  If  someone  has  a  better  idea  for  solving 
Wikipedia’s  spam  problem,  then  by  all  means  let's  hear  it. 

That  tempest  was  mild  compared  with  the  uproar  that  followed  the  revelation  that 
Microsoft  has  the  audacity  to  care  about  how  it  is  depicted  in  Wikipedia. 

it  was  quite  a  row.  And  Good  Morning  Silicon  Valley's  John  Paczkowski  did  an  out¬ 
standing  job  of  putting  in  their  place  all  those  who  were  lambasting  Microsoft  and 
standards  expert  Rick  Jelliffe  for  the  former  hiring  the  latter  to  correct  whatever 
Jelliffe  judged  to  be  inaccuracies  in  Wikipedia  entries  about  Open  Document  Format 
and  Microsoft  Office  Open  XML.  Paczkowski  wrote: 


"The  company  seems  to  have  been  honest  and  open  about  its  intentions.  It  offered  to 
hire  an  independent  expert  to  suggest  corrections  in  his  area  of  expertise.  Jelliffe  obvi¬ 
ously  isn't  a  Microsoft  apologist.  And  ultimately  any  changes  he  might  make  to  the 
entries  at  issue  will  be  reviewed  by  Wikipedia's  editors  and  removed  if  they're  inaccu¬ 
rate.  Given  Microsoft’s  position,  what  else  was  it  supposed  to  do?  Have  Waggener 
Edstrom  (Microsoft’s  PR  firm)  make  the  corrections?" 

That  was  exactly  my  take  on  the  matter  after  reading  Jelliffe’s  post. The  critics  are 
letting  their  anti-Microsoft  sentiments  get  in  the  way  of  giving  this  situation  an  intel¬ 
lectually  honest  weighing.  Microsoft  didn’t  do  anything  wrong,  unless  you  believe  every 
WikiSubject  is  obligated  to  sit  quietly  while  what  it  perceives  to  be  untruths  go  unchal¬ 
lenged.  And  Jelliffe  most  certainly  didn’t  do  anything  wrong  . . .  unless  you  want  to 
count  inviting  an  inevitable  round  of  baseless  criticism. 

Want  the  safest  spot  for  your  data  center? 

Who  wouldn't  want  a  data-center  location  that  will  leave  you  and  your  company  free 
of  any  and  all  worries  about  hurricanes,  tornadoes  and  earthquakes. 

Here’s  the  rub:  Your  options,  geographically  speaking,  are  extremely  limited,  accord¬ 
ing  to  a  fun  little  series  of  heat  maps  (www.nwdocfinder.com/7147)  collected  and  over¬ 
laid  upon  each  other  by  Pingdom,  a  Web  site  monitoring  company. 

Your  choices:  a  swath  of  east-central  Montana  and  the  southwest  corner  of  North 
Dakota;  northern  Minnesota  and  Michigan's  Upper  Peninsula;  northern  Missouri;  and 
oddly  enough,  there's  a  skinny  stretch  of  Texas  from  just  north  of  its  southern  tip  to 
right  about  where  you'd  expect  to  find  the  state's  bellybutton  that  not  only  avoids  hurri¬ 
canes  and  earthquakes  but  has  some  kind  of  magical  force  field  that  shields  it  from 
twisters  wandering  over  from  the  high-risk  tornado  zones  immediately  to  its  east,  west 
and  north.  (Note  to  self:  Find  out  what  kind  of  technology  is  at  work  there.) 

Get  it  off  your  chest.  Buzz@nww.com. 
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»  Branch  office  application  performance  plummeting  with  each  IT  initiative?  See  how  Juniper  makes  any  branch  office 
faster,  with  Juniper  Networks  Application  Acceleration  solutions. 

Only  Juniper  provides  acceleration  across  the  broadest  range  of  application  types  for  branch  offices,  along  with  an 
extensive  portfolio  of  complementary  security  and  transport  solutions.  So  roll  out  new  applications  while  web-enabling 
others.  Replicate  and  back  up  data  continuously  across  the  WAN.  Save  on  hardware,  application  license  and  WAN 
service  costs  by  centralizing  servers  and  consolidating  data  centers  -  all  while  providing  LAN-like  application  response 

for  branch  office  users:  www.juniper.net/acceleration 
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Connectivity,  Convergence 
and  Compliance — all  Secure 
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Enterasys  security-enabled  network  infrastructure  products  give  you  granular 
visibility  and  control  over  who’s  using  your  network  and  your  voice,  video  and 
data  communications — wired  and  wireless;  switching  and  routing;  LAN  and  WAN. 

Our  advanced  security  applications  produce  compliance  reports  and  proactively 
prevent  threats  against  your  IT  assets  with  our  intrusion  prevention  and  network 
access  control  solutions. 

Let  us  show  you  how  we  can  automatically  protect  you  and  your  information 
without  sacrificing  performance. 


Leading  companies  in  more 
than  70  countries  ensure 
the  integrity  and  performance 
of  their  IT  services  with 
Enterasys  Secure  Networks ™ 


■ 

We  Secure  Any  Network 

Set  up  a  time  to  see  how  our  unique  approach  can  secure  any 
network  from  any  vendor  while  leveraging  your  existing  investments. 
Call  +1  877-801-7082  or  visit  enterasys.com/securenetworks. 
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There  is  nothing  more  important  than  our  customers. 


